
Re: start_tls: connect error

Michael Ströder wrote:
> Howard Chu wrote:
>> Show the output with debugging enabled. Note that "localhost" is treated
>> specially, and will be replaced by the local hostname instead of being used
>> directly in the name comparison.
> Why that? I strongly dislike automagic things when doing security checks.

Probably because "localhost" is useless in an actual cert from a remote
server. This has been a feature of libldap since 2.1, so it's certainly
nothing new.
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
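
A small model of the name check discussed in this thread, added here as an illustration; it is not code from libldap or from either poster. It shows why a certificate issued for "localhost" does not satisfy a connection to "localhost" once that name is replaced by the local hostname. The function names, the single-label wildcard rule and the sample hostnames are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample data (hypothetical hostnames and certificate names). */
static const char LOCAL_HOST[] = "ldap1.example.com";
static const char *const CERT_LOCALHOST[] = { "localhost" };
static const char *const CERT_FQDN[]      = { "ldap1.example.com" };
static const char *const CERT_WILD[]      = { "*.example.com" };

/* Name that is actually compared against the certificate: per the thread,
 * "localhost" is replaced by the local hostname instead of being used directly. */
const char *effective_name(const char *connect_host, const char *local_hostname)
{
    if (strcasecmp(connect_host, "localhost") == 0)
        return local_hostname;
    return connect_host;
}

/* Case-insensitive match of one certificate name against the expected name.
 * Assumption: "*.example.com" matches exactly one non-empty leftmost label. */
int name_matches(const char *pattern, const char *name)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(name, '.');
        return dot != NULL && dot != name && strcasecmp(pattern + 1, dot) == 0;
    }
    return strcasecmp(pattern, name) == 0;
}

/* Returns 1 if any name in the certificate matches the effective name. */
int cert_accepts(const char *connect_host, const char *local_hostname,
                 const char *const cert_names[], size_t n)
{
    const char *expected = effective_name(connect_host, local_hostname);
    for (size_t i = 0; i < n; i++)
        if (name_matches(cert_names[i], expected))
            return 1;
    return 0;
}

int main(void)
{
    printf("compared name for localhost: %s\n", effective_name("localhost", LOCAL_HOST));
    printf("cert for localhost accepted: %d\n", cert_accepts("localhost", LOCAL_HOST, CERT_LOCALHOST, 1));
    printf("cert for FQDN accepted:      %d\n", cert_accepts("localhost", LOCAL_HOST, CERT_FQDN, 1));
    printf("wildcard cert accepted:      %d\n", cert_accepts("localhost", LOCAL_HOST, CERT_WILD, 1));
    return 0;
}
```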