[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Additional bug in OpenLDAP TLS code

To: Michael Ströder <michael@stroeder.com>, openldap-devel@openldap.org
Subject: Re: Additional bug in OpenLDAP TLS code
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Wed, 10 May 2017 13:26:23 -0700
Content-disposition: inline
In-reply-to: <WM!1ab33e4b384a428fa9bfb54db535897fd2dac1a9bd3dc0e945a2543e6a20b7bfed5415bdfa47639acf0a935869258324!@mailstronghold-3.zmailcloud.com>
References: <80106510F3B08D5173986771@[192.168.1.19]> <cbdcda84-8545-0586-ee96-650023e84398@stroeder.com> <WM!1ab33e4b384a428fa9bfb54db535897fd2dac1a9bd3dc0e945a2543e6a20b7bfed5415bdfa47639acf0a935869258324!@mailstronghold-3.zmailcloud.com>

--On Wednesday, May 10, 2017 11:19 PM +0200 Michael Ströder<michael@stroeder.com> wrote:

Quanah Gibson-Mount wrote:

Attempting to connect via ldapsearch to ldap://127.0.0.1 and initiate
startTLS will fail, as the IP gets mapped to "localhost", and then the
FQDN check fails.


Yes, this is a bug. Especially since the mapping to "localhost" does not
have a trustable source for this mapping.

Bah, never mind. I had a runaway slapd with old cert info running. Itdoes work in this scenario correctly.


--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- Additional bug in OpenLDAP TLS code
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Additional bug in OpenLDAP TLS code
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Additional bug in OpenLDAP TLS code
Next by Date: ITS#8654 - Option for LDAP client to bind to a local address
Index(es):
- Chronological
- Thread