Re: StartTLS with a host alias

7 Jun 2008


      Hallvard B Furuseth wrote:
...
Howard Chu writes:
...
Well, there can be any number of CNs in a DN. But only the
most-inferior RDN actually names the certificate, therefore that's the
only one that may be used in hostname checking.
Then something (OpenSSL?) is broken.  The hostname which succeeded is in
the topmost of his RDNs which has a CN, not in the most inferior RDN.
Hm, good point. The OpenSSL function used in libldap/tls.c doesn't have an 
argument to specify which CN to return. That code may need to be rewritten.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: StartTLS with a host alias