Re: TLS hostname check relaxed?
Howard Chu wrote:
> Michael Ströder wrote:
>> I vaguely remember that there were code changes to the hostname cert
>> checking when connecting via StartTLS ext.op. or LDAPS. But I'd prefer
>> if the default behaviour would be strict like it was.
> You'll have to be more specific. What are you seeing that it doesn't do
> any more?
The server cert has this subject name for server name nb2.stroeder.local:
But I can successfully connect to it with this command:
ldapsearch -H ldaps://localhost:1391
From my understanding this should not be possible by default.