[Pkg-nagios-devel] Bug#463355: Bug#463355: check_ldap with starttls requires hostname to match cert name
waja at cyconet.org
Thu Oct 15 20:38:00 UTC 2009
tag 463355 + wontfix
On Thursday, 31. January 2008, Greg Cox wrote:
> This is probably something to kick upstream.
> Serverside: slapd 2.4.7-3 with TLS (not ldaps) enabled. It's running on a
> VM with a hostname of 'utilserver.domain.org', and its SSL cert has a CN
> of 'utilserver', since usually only internal users interact with it.
> It appears (though I haven't confirmed since my C-fu is weak) that the -T
> flag co-opts the hostname as specified in the -H and uses that in its TLS
> handshake. But that overload is not always good: my nagios checks, which
> use the FQDN, fail.
> -T is currently a boolean flag. How about -T [optional hostname for
> certificate handshake if -H isn't good enough]? I can't think of anything
> else you might want after -T, myself.
the upstream bug got no comment while it is more than 9 months open there.
I'm tagging the bug wontfix, upstream bug will be keeped open from my side.
With kind regards, Jan.
Never write mail to <waja at spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
------END GEEK CODE BLOCK------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part.
More information about the Pkg-nagios-devel