Re: "TLS_REQCERT allow" rejects CN and hostname mismatch?

16 Oct 2011


      Noël Köthe wrote:
...
Hello,
(openldap 2.4.25 on Debian GNU/Linux)
TLS_REQCERT allow is documented with
"The server certificate is requested. If no certificate is provided, the session proceeds normally.  If  a  bad
certificate is provided, it will be ignored and the session proceeds normally."
But if I test it it looks like the common name (CN) is checked against
the hostname of the server:
See ITS#7014.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: "TLS_REQCERT allow" rejects CN and hostname mismatch?