
Re: SSL strangeness

Why don't you try ldapsearch -H ldaps://ldap.lih.rwth-aachen.de as Dieter suggested?
I'm not an expert in OpenLDAP, but I've been using it for some years, and some months ago, working with GnuTLS and SSL, I couldn't connect because the CN in the server certificate was "ldap.server", and I was trying to connect through ldapsearch -H ldaps://server.
Both names belonged to the same computer, but SSL gave me an error telling me the server CN was "ldap.server", and I was trying to contact "server".

2009/10/30 Howard Chu <hyc@symas.com>
Dieter Kluenter wrote:
> Howard Chu <hyc@symas.com> writes:
>> Dieter Kluenter wrote:
>>> GnuTLS cannot handle the subjectAltName attribute, thus if either
>>> client and/or server are linked with libgnutls it will cause such
>>> problem.
>> False.
> OK,
> https://savannah.gnu.org/support/index.php?106975
> has been fixed.

Note that this bug only affected certificates that contained XMPP
subjectAltNames. Since XMPP names are relatively new, most certs aren't
affected by this bug.

 -- Howard Chu
 CTO, Symas Corp.           http://www.symas.com
 Director, Highland Sun     http://highlandsun.com/hyc/
 Chief Architect, OpenLDAP  http://www.openldap.org/project/

Sad wars
if love is not the cause.
Sad, sad.

Sad weapons
if they are not words.
Sad, sad.

Sad men
if they do not die of love.
Sad, sad.
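
The name mismatch described in the message above, as an added example that is not part of the original thread and is not OpenLDAP or GnuTLS code: a simplified Python check of the host name from an ldaps:// URI against a certificate's names. It assumes the RFC 2818 rule (dNSName subjectAltNames, when present, are used instead of the CN) and a certificate dict shaped like the one Python's `ssl.SSLSocket.getpeercert()` returns; the function names and sample certificates are constructed for illustration.

```python
# Added illustration: simplified host name check, not OpenLDAP or GnuTLS code.

def cert_names(cert):
    """Return (dns_sans, common_names) from a getpeercert()-style dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return sans, cns


def name_matches(pattern, host):
    """Case-insensitive label match; '*' may only replace the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def check_host(cert, host):
    """Assumed RFC 2818 rule: dNSName SANs are authoritative, else fall back to CN."""
    sans, cns = cert_names(cert)
    candidates = sans if sans else cns
    source = "subjectAltName" if sans else "commonName"
    for name in candidates:
        if name_matches(name, host):
            return True, f"{host!r} matches {source} {name!r}"
    return False, f"{host!r} not in {source} {candidates}"


# Constructed sample certificates using the names from the message above.
CN_ONLY = {"subject": ((("commonName", "ldap.server"),),)}
WITH_SAN = {
    "subject": ((("commonName", "ldap.server"),),),
    "subjectAltName": (("DNS", "ldap.server"), ("DNS", "server")),
}

if __name__ == "__main__":
    for cert, host in [(CN_ONLY, "server"), (CN_ONLY, "ldap.server"), (WITH_SAN, "server")]:
        print(check_host(cert, host)[1])
```

A certificate that lists every name clients use as a dNSName subjectAltName passes for both names, while the CN-only certificate passes only for the exact name in the CN.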