
Re: Welcome to openldap-software



Hello,

I have the latest OpenLDAP and OpenSSL, and I'm trying to talk with an LDAP
server that has an odd CN in its certificate.

The FQDN is "foo.company.com", and the CN in its certificate is
"CN=(foo|bar).company.com" ... openssl s_client validates the site
correctly, but openldap gives the error "TLS: hostname does not match CN in
peer certificate"

I don't know if vertical bars are allowed in CNs like the certificate I
have, but since the certificate came from Verisign, I suspect that they are
OK, even if rarely used.

Is this a known bug in openldap?  Is there a good work-around, short of
buying a new certificate?

Thanks,
David.
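
The mismatch reported above can be reproduced with a simplified RFC 6125-style name check. This is an added example, not part of the original message and not OpenLDAP's own code; the function names are hypothetical and the host and CN values are the ones quoted in the message.

```python
# Added illustration: simplified RFC 6125-style hostname check.
# Function names are hypothetical; this is not OpenLDAP's implementation.

def _labels(name):
    # Compare DNS names case-insensitively, ignoring a trailing root dot.
    return name.rstrip(".").lower().split(".")

def matches_pattern(hostname, pattern):
    """True if hostname matches a certificate name pattern.

    Only two forms are honoured: an exact, case-insensitive match, or a
    single "*" as the whole left-most label. Everything else, including
    regex-looking characters such as "(", "|" and ")", is literal text.
    """
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat) or "" in host:
        return False
    if pat[0] == "*" and len(pat) >= 3:
        # The wildcard stands for exactly one label; the rest must be equal.
        return host[1:] == pat[1:]
    return host == pat

def verify_host(hostname, common_name, san_dns_names=()):
    # When DNS subjectAltName entries exist they are used and the CN is ignored.
    candidates = list(san_dns_names) or [common_name]
    return any(matches_pattern(hostname, c) for c in candidates)

# Values quoted in the message above.
HOST = "foo.company.com"
ODD_CN = "(foo|bar).company.com"

if __name__ == "__main__":
    # The alternation is never expanded, so neither host matches the CN.
    print("CN only, foo:", verify_host(HOST, ODD_CN))
    print("CN only, bar:", verify_host("bar.company.com", ODD_CN))
    # A certificate listing each name as its own DNS subjectAltName matches.
    sans = ["foo.company.com", "bar.company.com"]
    print("with SANs   :", verify_host(HOST, ODD_CN, sans))
    # An ordinary left-most wildcard covers one label only.
    print("wildcard    :", verify_host(HOST, "*.company.com"))
    print("two labels  :", verify_host("a.foo.company.com", "*.company.com"))
```

Under these rules the parenthesised CN is compared as a plain string, so a client applying them rejects it for both "foo" and "bar".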