[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS hostname check screwed up?



Howard Chu wrote:
> Michael Ströder wrote:
>>
>> I'm using libldap of RE24 and have a problem with host name checking when
>> doing TLS.
>>
>> OpenLDAP's debug output (real hostname exactly replaced by
>> srv.domain.local):
>>
>> ------------------------------ snip ------------------------------
>> TLS: hostname (srv.domain.local.) does not match common name in
>> certificate
>> (srv.domain.local).
>> ------------------------------ snip ------------------------------
>>
>> Is this because of the trailing dot?
> 
> Probably. The RFC requires an exact match, there's no exception for dots.

It seems I messed up something locall. Sorry for the noise.

Ciao, Michael.