[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL/TLS failure of 2.0.11 on RH7.1

Subject: Re: SSL/TLS failure of 2.0.11 on RH7.1
From: David Wright <ichbin@heidegger.rprc.washington.edu>
Date: Fri, 10 Aug 2001 00:52:16 -0700
Cc: openLDAP-software@OpenLDAP.org
References: <3B71F85A.6050606@heidegger.rprc.washington.edu> <3B71FBA3.10707@heidegger.rprc.washington.edu> <3B722870.1060705@heidegger.rprc.washington.edu>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010802

Well, thanks to nalin@redhat.com, this rather obscure problem is solved. My slapd.pem said cn=128.95.53.190 which is true. I said ldaps://128.95.53.190 to ldapsearch, which obviously agrees with the server's cn. But 2.0.11 apparently FIRST RESOLVES the IP and THEN COMPARES the resulting FQDN to the server cn. Regenerating slapd.pem with cn=merleau.rprc.washington.edu solved the problem. Is there some RPC spec that says a cn must be a FQDN and not an IP?

This behaviour did not exist in 2.0.7 and franky, I like the old way better. I would suggest at very least a helpful error message when ldapsearch fails because of cn disagreement, rather than failing silently and leaving the user to track down such an obscure issue.

References:
- SSL/TLS failure of 2.0.11 on RH7.1
  - From: David Wright <ichbin@heidegger.rprc.washington.edu>
- Re: SSL/TLS failure of 2.0.11 on RH7.1
  - From: David Wright <ichbin@heidegger.rprc.washington.edu>

Prev by Date: Re: back up for ldap ...
Next by Date: Re: back up for ldap ...
Index(es):
- Chronological
- Thread