[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: start_tls: connect error

To: Philip Guenther <guenther+ldapsoft@sendmail.com>
Subject: Re: start_tls: connect error
From: Michael Ströder <michael@stroeder.com>
Date: Thu, 14 Jan 2010 23:35:22 +0100
Cc: openldap-software@openldap.org
In-reply-to: <alpine.BSO.2.00.1001131829170.2740@vanye.sendmail.com>
References: <87vdf7kueq.fsf@dkluenter.de> <4B4D1703.6010906@symas.com> <4B4D727A.6020102@stroeder.com> <4B4D74A8.8020006@symas.com> <4B4E1A96.80300@stroeder.com> <alpine.BSO.2.00.1001131829170.2740@vanye.sendmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.7) Gecko/20090106 SUSE/2.0.2-1.1 SeaMonkey/2.0.2

Philip Guenther wrote:
> On Wed, 13 Jan 2010, Michael Ströder wrote:
>> Howard Chu wrote:
>>> Michael Ströder wrote:
>>>> Howard Chu wrote:
>>>>> Show the output with debugging enabled. Note that "localhost" is 
>>>>> treated specially, and will be replaced by the local hostname 
>>>>> instead of being used directly in the name comparison.
>>>>
>>>> Why that? I strongly dislike automagic things when doing security checks.
>>>
>>> Probably because "localhost" is useless in an actual cert from a remote
>>> server.
>>
>> Yes. But nothing prevents the client from providing the correct 
>> hostname.
> 
> True, so why didn't you?  :-)

I'm not the original poster having an issue.

Ciao, Michael.

References:
- start_tls: connect error
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: start_tls: connect error
  - From: Howard Chu <hyc@symas.com>
- Re: start_tls: connect error
  - From: Michael Ströder <michael@stroeder.com>
- Re: start_tls: connect error
  - From: Howard Chu <hyc@symas.com>
- Re: start_tls: connect error
  - From: Michael Ströder <michael@stroeder.com>
- Re: start_tls: connect error
  - From: Philip Guenther <guenther+ldapsoft@sendmail.com>

Prev by Date: Re: start_tls: connect error
Next by Date: n-way multimaster replication slapd.conf
Index(es):
- Chronological
- Thread