14 Jul
2009
14 Jul
'09
1:06 a.m.
Howard Chu wrote:
Michael Ströder wrote:
HI!
I vaguely remember that there were code changes to the hostname cert checking when connecting via StartTLS ext.op. or LDAPS. But I'd prefer if the default behaviour would be strict like it was.
You'll have to be more specific. What are you seeing that it doesn't do any more?
The server cert has this subject name for server name nb2.stroeder.local: /C=DE/L=Karlsruhe/O=stroeder.com/OU=ITS/CN=nb2.stroeder.local
But I can successfully connect to it with this command:
ldapsearch -H ldaps://localhost:1391
From my understanding this should not be possible by default.
Ciao, Michael.