Re: TLS hostname check screwed up?
Michael Ströder wrote:
HI!
I'm using libldap of RE24 and have a problem with host name checking when
doing TLS.
OpenLDAP's debug output (real hostname exactly replaced by srv.domain.local):
------------------------------ snip ------------------------------
TLS: hostname (srv.domain.local.) does not match common name in certificate
(srv.domain.local).
------------------------------ snip ------------------------------
Is this because of the trailing dot?
Probably. The RFC requires an exact match, there's no exception for dots.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/