[Pkg-openldap-devel] Bug#462588: Bug#462588: Bug#462588: Bug#462588: Bug#462588: Same problem

T.A. van Roermund timo at van-roermund.nl
Tue Jan 29 21:18:45 UTC 2008


Quanah Gibson-Mount wrote:
>> Ok.  Does your certificate have a proper cn, matching the fqdn of your
>> server?  That's the only other case where I can reproduce the described
>> behavior, but I don't know if that's a behavior change relative to the
>> OpenSSL version.  (I would have hoped that OpenSSL would also refuse to
>> negotiate SSL/TLS with a server whose cn doesn't match the hostname being
>> connected to, since this subverts the SSL security model.)
> 
> OpenLDAP compiled with OpenSSL behaves the same way.  i.e., the cn in the 
> cert must match the servername (or the fields on subjectAltName, etc).

FQDN: server-timo.van-roermund.nl
CN: van-roermund.nl

Will that be the problem? If so, then the behaviour of GnuTLS *is* 
different from the behaviour of OpenSSL. I will test it and let you know.

Regards,

Timo
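
Added example, not part of the original message and not code from OpenLDAP, GnuTLS or OpenSSL: a simplified server-name check in the style of RFC 2818, applying the rule quoted above (the cn, or a subjectAltName entry, must match the server name) to the FQDN and CN given in this message. The function names and the subjectAltName values are assumptions constructed for the illustration.

```python
# Simplified RFC 2818-style name check (illustration only; real TLS libraries
# handle more cases, e.g. IP addresses and internationalised names).

def dns_name_matches(pattern, hostname):
    """Compare one name from the certificate with the name the client connected to."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a parent domain never matches a host below it
    if p[0] == "*":
        # Wildcard accepted only as the whole left-most label, and only when
        # at least two labels follow it (so "*.nl" is rejected).
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_matches_host(subject_cn, san_dns_names, hostname):
    """subjectAltName dNSName entries take precedence; the CN is a fallback only."""
    if san_dns_names:
        names = list(san_dns_names)
    else:
        names = [subject_cn] if subject_cn else []
    return any(dns_name_matches(n, hostname) for n in names)


if __name__ == "__main__":
    fqdn = "server-timo.van-roermund.nl"   # from the message
    cn = "van-roermund.nl"                 # from the message
    cases = [
        ("CN only, as in the message", cn, []),
        ("constructed SAN with the FQDN", cn, [fqdn]),
        ("constructed wildcard SAN", cn, ["*.van-roermund.nl"]),
    ]
    for label, subject_cn, san in cases:
        ok = cert_matches_host(subject_cn, san, fqdn)
        print(f"{label:32} -> {'match' if ok else 'MISMATCH'}")
```

A client that enforces this rule rejects the CN-only certificate for the FQDN; reissuing the certificate with the FQDN as CN or as a subjectAltName dNSName entry removes the mismatch.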