[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Bug in tlso_session_chkhost?

To: Howard Chu <hyc@symas.com>, Michael Ströder <michael@stroeder.com>, openldap-devel@openldap.org
Subject: Re: Bug in tlso_session_chkhost?
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Wed, 10 May 2017 08:53:44 -0700
Content-disposition: inline
In-reply-to: <60b094bf-a6b5-0dd7-d9c8-1aa25c765ebb@symas.com>
References: <2A006134276576B5A86D7A20@[192.168.1.19]> <WM!5e51e5d1a2ead3cba930ae31eb41d9bab1158bfe4fd4f1b3bc39bd41f8f6b36433bb02251fc67302a616e363c8ee0337!@mailstronghold-2.zmailcloud.com> <9744ec5c-90c0-68e3-5c7a-ace68fbd711d@symas.com> <796AD360ECF1C55A642A8F3B@[192.168.1.19]> <fa41d889-fd9b-07f9-5d09-2f0760d583b3@symas.com> <71671977-6211-348b-c8ac-586d4af0e031@stroeder.com> <WM!f23f84644cc0e2f103ba5c9aba1bd61059b687261a1c4293c1677863d7668e3bac63d2fb954d030905651563e1e4d1db!@mailstronghold-2.zmailcloud.com> <2817658C7EA0A04BD6B8FA96@[192.168.1.19]> <60b094bf-a6b5-0dd7-d9c8-1aa25c765ebb@symas.com>

--On Wednesday, May 10, 2017 4:21 PM +0100 Howard Chu <hyc@symas.com> wrote:

No. One or the other must match, but the CN must be an FQDN. The point of
alternatives is to support wildcards, aliases, and non-DNS name forms
(such as IP address).


RFC reference?

Unfortunately, I can't do an IP based cert either, since I've no idea
what "localhost" will actually map to on the system.


Sorry but that makes no sense. "localhost" is 127.0.0.1. Always.

Wish that were true, but I've come across installations where that wasn'tthe case (I've seen 127.0.0.2 for example). Also, on an IPv6 only machine,it could be ::1 (Although again, I've seen it be other IPv6 addresses aswell).


--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Follow-Ups:
- Re: Bug in tlso_session_chkhost?
  - From: Michael Ströder <michael@stroeder.com>

References:
- Bug in tlso_session_chkhost?
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Bug in tlso_session_chkhost?
  - From: Howard Chu <hyc@symas.com>
- Re: Bug in tlso_session_chkhost?
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Bug in tlso_session_chkhost?
  - From: Howard Chu <hyc@symas.com>
- Re: Bug in tlso_session_chkhost?
  - From: Michael Ströder <michael@stroeder.com>
- Re: Bug in tlso_session_chkhost?
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Bug in tlso_session_chkhost?
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Bug in tlso_session_chkhost?
Next by Date: Re: Bug in tlso_session_chkhost?
Index(es):
- Chronological
- Thread