[Issue 9543] New: Patch : Customize CN check on TLS

1 May 2021


      https://bugs.openldap.org/show_bug.cgi?id=9543
Issue ID: 9543
           Summary: Patch : Customize CN check on TLS
           Product: OpenLDAP
           Version: unspecified
          Hardware: i386
                OS: Other
            Status: UNCONFIRMED
          Severity: normal
          Priority: ---
         Component: libraries
          Assignee: bugs@openldap.org
          Reporter: julien.wadel@belledonne-communications.com
  Target Milestone: ---
Created attachment 821
  --> https://bugs.openldap.org/attachment.cgi?id=821&action=edit
Patch on master
Hi,
I added a feature that allow to customize the domain name on TLS hostname
verification. With it, we can use an IP that comes from our DNS resolver.
It is mainly used when we want launch test units with a private server where
the IP and domains are private. 
In our case, we use our own dns resolver (internal code) which give us an IP
that is passed to LDAP. As we know the domain name but not LDAP, we pass it to
it for checking (it's not an ignore option)
Here is the commit from our repository (based from 2.4):
https://gitlab.linphone.org/BC/public/external/openldap/-/commit/a4fef2181ce...
Here is the branch from the HEAD of your current master (one commit, parent
60b7dc731ce9f2424a4a56d78ae99270a3c6239c)
https://gitlab.linphone.org/BC/public/external/openldap/-/tree/feature/hostn...
Here is the branch from the HEAD of OPENLDAP_REL_ENG_2_4 (one commit, parent
faf2c4e78641f69df3fdea5f97ddb058946f2051)
https://gitlab.linphone.org/BC/public/external/openldap/-/tree/feature/hostn...
I attached the diff on master
Regards
-- 
You are receiving this mail because:
You are on the CC list for the issue.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[Issue 9543] New: Patch : Customize CN check on TLS