Re: TLS hostname check screwed up?

Michael Ströder wrote: > > I'm using libldap of RE24 and have a problem with host name checking when > doing TLS. > > OpenLDAP's debug output (real hostname exactly replaced by > srv.domain.local): > > ------------------------------ snip ------------------------------ > TLS: hostname (srv.domain.local.) does not match common name in > certificate > (srv.domain.local). > ------------------------------ snip ------------------------------ > > Is this because of the trailing dot? Probably. The RFC requires an exact match, there's no exception for dots.