--On Wednesday, May 10, 2017 10:49 AM -0700 Ryan Tandy ryan@nardis.ca wrote:
> On Wed, May 10, 2017 at 09:32:59AM -0700, Quanah Gibson-Mount wrote:
>> RFC 6761 specifically notes that "localhost." is in fact a domain name (Section 6.3). Therefore, my certificates are in fact correct, and the OpenLDAP code check is indeed a bug.
>
> "localhost." is a perfectly valid FQDN (as is the relatively common "localhost.localdomain."), but from earlier in the thread I gathered your system's FQDN is actually "u16build." or "u16build.some.domain.".

The FQDN of the system is immaterial. The point is to have a certificate without *any* reference to the system hostname, and be entirely based on localhost. The RFCs seem to indicate that is perfectly legitimate. It is the OpenLDAP code check that breaks this ability.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com