[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: start_tls: connect error

To: Michael Ströder <michael@stroeder.com>
Subject: Re: start_tls: connect error
From: Howard Chu <hyc@symas.com>
Date: Tue, 12 Jan 2010 23:22:16 -0800
Cc: openldap-software@openldap.org
In-reply-to: <4B4D727A.6020102@stroeder.com>
References: <87vdf7kueq.fsf@dkluenter.de> <4B4D1703.6010906@symas.com> <4B4D727A.6020102@stroeder.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9.3a1pre) Gecko/20091218 SeaMonkey/2.0a1pre Firefox/3.0.3

Michael Ströder wrote:
> Howard Chu wrote:
>> Show the output with debugging enabled. Note that "localhost" is treated
>> specially, and will be replaced by the local hostname instead of being used
>> directly in the name comparison.
> 
> Why that? I strongly dislike automagic things when doing security checks.

Probably because "localhost" is useless in an actual cert from a remote
server. This has been a feature of libldap since 2.1, so it's certainly
nothing new.
-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: start_tls: connect error
  - From: Michael Ströder <michael@stroeder.com>

References:
- start_tls: connect error
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: start_tls: connect error
  - From: Howard Chu <hyc@symas.com>
- Re: start_tls: connect error
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: start_tls: connect error
Next by Date: Re: Admin Guide: Tuning 21.1.2 Disks and virtual servers
Index(es):
- Chronological
- Thread