[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL strangeness



Dieter Kluenter wrote:
> Victor Mataré <matare@lih.rwth-aachen.de> writes:
> 
>> Dieter Kluenter wrote:
>>> Victor Mataré <matare@lih.rwth-aachen.de> writes:
> [...]
>>>
>>> The FQDN of the certificate is ldap.lih.rwth-aachen.de, but your
>>> search URI is bussard.lih.rwth-aachen.de
>>>
>>> -Dieter
>>>
>> Yep, that's alright. The certificate contains multiple alternative CNs,
>> one of which is bussard.lih.rwth-aachen.de. They're just not shown here,
>> but the cert is definitely valid for that hostname, so that's not the
>> cause of the problem. And even if it was, slapd shouldn't just hang. But
>> thanks for looking carefully.
> 
> GnuTLS cannot handle the subjectAltName attribute, thus if eihter
> client and/or server are linked with libgnutls it will cause such
> problem. 

False.
-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/