From: darshankmistry@yahoo.com
To: openldap-bugs@openldap.org
Subject: Re: (ITS#9021) TLS: can't connect: TLS: hostname does not match CN in peer certificate
Date: Fri, 10 May 2019 20:32:32 +0000

Thank you very much for the quick response and the OpenLDAP behavior configuration.

How can we ignore the server name in the subject of the certificate so that I can use the LDAP server IP address instead of the host name?

I also want to know if there is any open CVE which says it is a vulnerability to use the LDAP server IP address instead of the name in the LDAP configuration.

Thank you,
Darshankumar Mistry
darshankmistry(a)yahoo.com

On Friday, May 10, 2019, 12:58:38 PM PDT, Quanah Gibson-Mount wrote:

--On Friday, May 10, 2019 8:52 PM +0000 darshankmistry(a)yahoo.com wrote:

> Full_Name: Darshankumar Mistry
> Version:
> OS:
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:420:10b:1272:fc1b:1ea:d311:6cac)
>
>
> I would like to know why Open LDAP behavior was changed where we must
> have to configure FQDN name mentioned in certificate in order to work LDAP
> authentication... else TLS starts failing.

OpenLDAP has worked this way since I first started using it in 2002. This
behavior is nothing new. And this is the correct behavior.

This ITS will be closed.

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
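
Added example, not part of the original thread and not OpenLDAP's code: a simplified Python model of the RFC 6125-style identity check behind this error, showing why a CN-only certificate fails when the client connects by IP address and how an iPAddress subjectAltName entry satisfies the check without disabling verification. The certificate dictionaries, names and addresses are constructed, and real TLS libraries differ in details such as CN fallback.

```python
import ipaddress

# Constructed sample certificates (not taken from the thread).
CN_ONLY = {"cn": "ldap.example.com", "san_dns": [], "san_ip": []}
WITH_IP_SAN = {"cn": "ldap.example.com",
               "san_dns": ["ldap.example.com"],
               "san_ip": ["192.0.2.10"]}

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is allowed only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # The wildcard covers exactly one label: *.example.com matches a.example.com
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def peer_matches(target, cert):
    """Return (ok, reason) for the host name or IP the client connected to."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target is compared only with iPAddress SAN entries,
        # never with the host name stored in the subject CN.
        if any(ipaddress.ip_address(a) == ip for a in cert.get("san_ip", [])):
            return True, "iPAddress SAN"
        return False, "no matching iPAddress SAN"
    dns = cert.get("san_dns", [])
    if dns:
        # When dNSName entries exist they are authoritative; the CN is not consulted.
        ok = any(_dns_match(d, target) for d in dns)
        return ok, "dNSName SAN" if ok else "no matching dNSName SAN"
    ok = _dns_match(cert.get("cn", ""), target)
    return ok, "subject CN" if ok else "CN mismatch"

if __name__ == "__main__":
    for cert_name, cert in (("CN only", CN_ONLY), ("with IP SAN", WITH_IP_SAN)):
        for target in ("ldap.example.com", "192.0.2.10"):
            print(cert_name, target, peer_matches(target, cert))
```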