[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Bug in tlso_session_chkhost?

--On Tuesday, May 09, 2017 11:01 AM +0100 Howard Chu <hyc@symas.com> wrote:

if I remove the check against the "localhost" name, things succeed as

Fwiw, I routinely test with a localhost cert, and this check has never
tripped for me. But my ldap_int_hostname is also "localhost" - apparently
something on your system insists that your hostname is "u16build".

One of the main tenants of the test suite is that it be portable. I think mandating that anyone who wants to run the test suite must use a host with a hostname set to "localhost" is untennable. Because of this bug, the test suite will have to have a dependency on the "openssl" command line binary so that it can generate certs based on the hostname of the system where it is being run. Without this problematic code, we could simple check in pre-generated certs, removing that dependency.

I do not see anything that indicates the check is actually valid, and unfortunately the commit message makes no reference to any ITS or other issue it supposedly fixes.



Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: