[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL strangeness



Dieter Kluenter wrote:
Victor Mataré <matare@lih.rwth-aachen.de> writes:

Hello,

I'm seeing some really weird behaviour when using ldaps:// on an
openldap-2.3.43 server. It's a Gentoo Linux box with
glibc-2.9_p20081201-r2 and openssl-0.9.8k. I have already recompiled
the entire system with gcc-4.3.4 (twice to be sure), with no
errors. First of all, ldapsearch -H ldaps://bussard.lih.rwth-aachen.de

Hydrogeologie/CN=ldap.lih.rwth-aachen.de

Hydrogeologie/CN=ldap.lih.rwth-aachen.de

The FQDN of the certificate is ldap.lih.rwth-aachen.de, but your
search URI is bussard.lih.rwth-aachen.de

-Dieter
Yep, that's alright. The certificate contains multiple alternative CNs,
one of which is bussard.lih.rwth-aachen.de. They're just not shown here,
but the cert is definitely valid for that hostname, so that's not the
cause of the problem. And even if it was, slapd shouldn't just hang. But
thanks for looking carefully.