Full_Name: Singam Sudhir Reddy
Version: master branch
Submission from: (NULL) (126.96.36.199)
The attached file is derived from OpenLDAP Software. All of the modifications to
OpenLDAP Software represented in the following patch(es) were developed by
NOKIA. NOKIA has not assigned rights and/or interest in this work to any party.
I, SINGAM SUDHIR REDDY, am authorized by NOKIA, my employer, to release this work
under the following terms.
NOKIA hereby places the following modifications to OpenLDAP Software (and only
these modifications) into the public domain. Hence, these modifications may be
freely used and/or redistributed for any purpose with or without attribution
and/or other notice.
This is a minor enhancement to introduce a new LDAP option
"LDAP_OPT_X_TLS_DEMAND_EXCL_HOSTNAME_CHECK" to ignore hostname checking by the
client in TLS communication mode. This is very similar to the
"LDAP_OPT_X_TLS_DEMAND" LDAP option except that HOSTNAME checking is ignored.
This option can be set by the client either by using the LDAP API "ldap_set_option" or
can be globally set in the configuration file /etc/openldap/ldap.conf like

Generally, operators use the same set of certificates for different services (from
different hosts) which support TLS communication. When such certificates are
used, this option gives OpenLDAP-based services the facility to ignore hostname
checking on the client side.

No. If you're using a single set of certificates for multiple hosts you should
be using a wildcard cert. Closing this ITS.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
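
The hostname check at issue in this thread, as an added example (not OpenLDAP code and not part of the original submission or reply): a simplified left-most-label wildcard match in C, showing that one wildcard certificate covers several hosts in a domain while a certificate issued for an unrelated name is still rejected, which is the distinction lost when the check is skipped. The function names and the `corp.example` hostnames are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Return 1 if the certificate name `pattern` covers `host`, else 0.
 * Simplified rule (assumption of this example): a wildcard is honoured only
 * as the entire left-most label ("*.example.com") and stands for exactly
 * one label; comparison is case-insensitive. */
int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(pattern, host) == 0;   /* exact name */

    const char *suffix = pattern + 1;            /* ".example.com" */
    const char *dot = strchr(host, '.');         /* end of host's first label */
    if (dot == NULL || dot == host)
        return 0;                                /* no first label to replace */
    if (strchr(suffix + 1, '.') == NULL)
        return 0;                                /* refuse "*.com"-style names */
    return strcasecmp(dot, suffix) == 0;
}

/* Return 1 if any name in the certificate covers the host the client dialled. */
int cert_covers_host(const char *const names[], size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (name_matches(names[i], host))
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample data: one wildcard certificate shared by several hosts. */
    const char *const shared[] = { "*.corp.example" };
    /* Constructed sample data: a valid certificate issued for an unrelated name. */
    const char *const other[]  = { "mail.elsewhere.example" };
    const char *hosts[] = { "ldap1.corp.example", "ldap2.corp.example",
                            "a.b.corp.example" };

    for (size_t i = 0; i < 3; i++)
        printf("%-20s shared=%d other=%d\n", hosts[i],
               cert_covers_host(shared, 1, hosts[i]),
               cert_covers_host(other, 1, hosts[i]));
    return 0;
}
```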