[Pkg-nagios-devel] Bug#463355: Bug#463355: check_ldap with starttls requires hostname to match cert name

Jan Wagner waja at cyconet.org
Thu Oct 15 20:38:00 UTC 2009


tag 463355 + wontfix
thanks

On Thursday, 31. January 2008, Greg Cox wrote:
> This is probably something to kick upstream.
> 
> Serverside: slapd 2.4.7-3 with TLS (not ldaps) enabled.  It's running on a
>  VM with a hostname of 'utilserver.domain.org', and its SSL cert has a CN
>  of 'utilserver', since usually only internal users interact with it.
[...]
> It appears (though I haven't confirmed since my C-fu is weak) that the -T
>  flag co-opts the hostname as specified in the -H and uses that in its TLS
>  handshake.  But that overload is not always good: my nagios checks, which
>  use the FQDN, fail.
> 
> Suggestion:
> -T is currently a boolean flag.  How about -T [optional hostname for
>  certificate handshake if -H isn't good enough]?  I can't think of anything
>  else you might want after -T, myself.

The upstream bug has received no comment although it has been open there for more than 9 months.
I'm tagging the bug wontfix; the upstream bug will be kept open from my side.

With kind regards, Jan.
-- 
Never write mail to <waja at spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
------END GEEK CODE BLOCK------
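
An added illustration of the mismatch in the quoted report (not part of the original message, and not code from check_ldap or OpenLDAP): a simplified name comparison, assuming, as the reporter suspects, that the TLS layer compares the host given with -H against the certificate's CN. The function name `tls_name_matches` and the wildcard certificate name are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Simplified reference-identity check (illustrative, not libldap's code):
 * returns 1 when the name the client connected to is covered by a name
 * taken from the server certificate, 0 otherwise. */
int tls_name_matches(const char *host, const char *cert_name)
{
    if (host == NULL || cert_name == NULL || *host == '\0' || *cert_name == '\0')
        return 0;

    /* Exact match, case-insensitive as DNS names are. */
    if (strcasecmp(host, cert_name) == 0)
        return 1;

    /* Wildcard only as the complete left-most label: "*.domain.org". */
    if (cert_name[0] == '*' && cert_name[1] == '.') {
        const char *first_dot = strchr(host, '.');
        /* The wildcard must stand for exactly one non-empty label. */
        if (first_dot == NULL || first_dot == host)
            return 0;
        return strcasecmp(first_dot, cert_name + 1) == 0;
    }
    return 0;
}

int main(void)
{
    /* Names from the report: the check connects by FQDN, the cert says CN=utilserver. */
    const char *cert_cn = "utilserver";
    const char *hosts[] = { "utilserver.domain.org", "utilserver", "UTILSERVER" };

    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("-H %-22s vs CN=%s: %s\n", hosts[i], cert_cn,
               tls_name_matches(hosts[i], cert_cn) ? "match" : "MISMATCH");

    /* Constructed alternative: a certificate that covers the FQDN via a wildcard. */
    printf("-H utilserver.domain.org vs *.domain.org: %s\n",
           tls_name_matches("utilserver.domain.org", "*.domain.org") ? "match" : "MISMATCH");
    return 0;
}
```

Under this comparison the FQDN check fails against a certificate that names only `utilserver`, while a check run against the short name, or a certificate that carries the FQDN, passes without weakening verification.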