[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS hostname check relaxed?

Howard Chu wrote:
> Michael Ströder wrote:
>> HI!
>> I vaguely remember that there were code changes to the hostname cert
>> checking when connecting via StartTLS ext.op. or LDAPS. But I'd prefer
>> if the default behaviour would be strict like it was.
> You'll have to be more specific. What are you seeing that it doesn't do
> any more?

The server cert has this subject name for server name nb2.stroeder.local:

But I can successfully connect to it with this command:

ldapsearch -H ldaps://localhost:1391

>From my understanding this should not be possible by default.

Ciao, Michael.