https://bugs.openldap.org/show_bug.cgi?id=10326
Issue ID: 10326
Summary: SNI passing requirements differ across TLS implementations
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: ondra@mistotebe.net
Target Milestone: ---
mbedtls 3.6.3 has changed behaviour to correct a long-standing issue where not setting a hostname meant hostname checking was disabled completely (CVE-2025-27809).
It seems that how we do SNI vs. basic certificate checking differs between TLS implementations and our logic in ldap_int_tls_connect and ti_session_connect.
This is also the reason test067-tls started failing on mbedtls builds.
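The failure mode this report is about is a TLS client that silently skips the hostname check when no name was configured. The following is an added illustration, not OpenLDAP or mbedtls code: a fail-closed peer-name check (RFC 6125-style dNSName matching with a single leftmost wildcard label, plus iPAddress matching for IP literals) that refuses to pass when the expected name is missing, and a small probe showing that Python's stdlib `ssl` client likewise refuses to start TLS with hostname checking enabled and no name to check against. All function names, the constructed SAN lists and the hostname `ldap.example.com` are assumptions for the example.

```python
"""Fail-closed TLS peer-name verification (illustrative example, not OpenLDAP code)."""
import ipaddress
import socket
import ssl
from typing import Iterable, Optional, Tuple


def match_dns_name(pattern: str, hostname: str) -> bool:
    """Match one certificate dNSName against a hostname.

    Case-insensitive, label by label. A wildcard is accepted only when it is
    the entire leftmost label and at least two labels follow it, so
    "*.example.com" matches "ldap.example.com" but not "a.b.example.com",
    and "*.com" or "l*.example.com" never match anything.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        if len(p) < 3 or any("*" in label for label in p[1:]):
            return False
        return p[1:] == h[1:]
    if any("*" in label for label in p):
        return False  # wildcard anywhere else is invalid
    return p == h


def verify_peer_name(
    san_dns_names: Iterable[str],
    san_ip_addresses: Iterable[str],
    expected: Optional[str],
) -> Tuple[bool, str]:
    """Decide whether the peer certificate's SANs cover the expected name.

    Returns (ok, reason). The important property is that a missing expected
    name is a failure, not a reason to skip the check: the caller never gets
    a "verified" result it did not ask for.
    """
    if not expected:
        return False, "no expected hostname configured: refusing to skip the check"
    try:
        wanted_ip = ipaddress.ip_address(expected)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        # An IP literal must be matched against iPAddress entries only;
        # a dNSName that merely spells the address does not count.
        for entry in san_ip_addresses:
            if ipaddress.ip_address(entry) == wanted_ip:
                return True, f"matched iPAddress {entry}"
        return False, f"no iPAddress entry for {expected}"
    for entry in san_dns_names:
        if match_dns_name(entry, expected):
            return True, f"matched dNSName {entry}"
    return False, f"no dNSName entry matches {expected}"


def stdlib_refuses_without_hostname(server_hostname: Optional[str]) -> bool:
    """Probe the stdlib client policy without any network traffic.

    ssl.create_default_context() sets check_hostname=True. Wrapping an
    unconnected socket does no handshake, so this only exercises the
    argument check: with server_hostname=None the stdlib raises ValueError
    instead of proceeding with hostname checking disabled.
    """
    ctx = ssl.create_default_context()
    with socket.socket() as raw:
        try:
            tls = ctx.wrap_socket(raw, server_hostname=server_hostname)
        except ValueError:
            return True
        tls.close()
        return False


if __name__ == "__main__":
    # Constructed SAN data for the demo; not taken from any real certificate.
    dns_names = ["ldap.example.com", "*.example.com"]
    ip_names = ["192.0.2.10"]
    for name in ["LDAP.example.com", "a.b.example.com", "192.0.2.10", None]:
        print(name, verify_peer_name(dns_names, ip_names, name))
    print("stdlib refuses with no hostname:", stdlib_refuses_without_hostname(None))
    print("stdlib refuses with a hostname:", stdlib_refuses_without_hostname("ldap.example.com"))
```

The split between `match_dns_name` and `verify_peer_name` mirrors the two decisions a client has to keep separate: whether a given SAN entry covers a name, and whether a name to check against exists at all. A library that conflates "no name given" with "nothing to check" ends up with exactly the behaviour the report describes.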