Re: Bug in tlso_session_chkhost?
--On Wednesday, May 10, 2017 7:02 PM +0100 Howard Chu <firstname.lastname@example.org> wrote:
> The point is there is nothing on your machine that says your hostname is
> "localhost". Therefore, since the subjectAltName of DNS:localhost doesn't
> match any known name for your host, the cert is rejected.

Sure there is, /etc/hosts. And as I noted, per RFC 6761, "localhost." is a
recognized domain. The OpenLDAP code is incorrect.
A better solution would be for the localhost case to check if (a) the cert
has a match, and if it fails, then fall back to see if it matches
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: