[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Verifying 'CN' in client certificates using TLS

To: Steve Powers <sgp@pani.cx>, Openldap-Liste <openldap-software@OpenLDAP.org>
Subject: Re: Verifying 'CN' in client certificates using TLS
From: Norbert Klasen <norbert.klasen@daasi.de>
Date: Wed, 06 Feb 2002 10:29:48 +0100
Content-disposition: inline
In-reply-to: <20020205162007.D16394@contraption.co.uk>
References: <20020205162007.D16394@contraption.co.uk>

--On Dienstag, 5. Februar 2002 16:20 +0000 Steve Powers <sgp@pani.cx> wrote:

However, the 'CN' value of my client certificate are completely ignored,
as I can install the same certificates across several clients (machines in
this case) and they will work. I'm therefore deducting that provided the
client certs have been signed by my trusted CA (my own in this case) the
'CN' value is unimportant?

Is there a way to enforce 'CN' checking against a directory entry which
details DNS hostname, or even better IP address, in OpenLDAP?

Which version of OpenLDAP are you using? Recent version do perform the Server Identity Check according to RFC2830.

--
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de

Follow-Ups:
- Re: Verifying 'CN' in client certificates using TLS
  - From: Steve Powers <sgp@pani.cx>

References:
- Verifying 'CN' in client certificates using TLS
  - From: Steve Powers <sgp@pani.cx>

Prev by Date: Re: OpenLDAP 2.0 v3 German Side?
Next by Date: Re: Problems with netscape (and other software) and nss_ldap
Index(es):
- Chronological
- Thread