[Pkg-openldap-devel] Bug#462588: Bug#462588: Bug#462588: Bug#462588: Bug#462588: Same problem
T.A. van Roermund
timo at van-roermund.nl
Tue Jan 29 21:18:45 UTC 2008
Quanah Gibson-Mount wrote:
>> Ok. Does your certificate have a proper cn, matching the fqdn of your
>> server? That's the only other case where I can reproduce the described
>> behavior, but I don't know if that's a behavior change relative to the
>> OpenSSL version. (I would have hoped that OpenSSL would also refuse to
>> negotiate SSL/TLS with a server whose cn doesn't match the hostname being
>> connected to, since this subverts the SSL security model.)
>
> OpenLDAP compiled with OpenSSL behaves the same way. i.e., the cn in the
> cert must match the servername (or the fields on subjectAltName, etc).
FQDN: server-timo.van-roermund.nl
CN: van-roermund.nl
Will that be the problem? If so, then the behaviour of GnuTLS *is*
different from the behaviour of OpenSSL. I will test it and let you know.
Regards,
Timo
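
Added example, not part of the original message and not code from OpenLDAP, OpenSSL or GnuTLS: a simplified RFC 2818-style host name check applied to the two names quoted above. The function names and the wildcard subjectAltName sample are assumptions made for illustration.

```python
# Simplified server-identity check in the style of RFC 2818 section 3.1.
# Illustration only: real TLS libraries apply further rules
# (IP address SANs, internationalised names, partial-label wildcards).

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one name from the certificate with the name the client dialled."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # Label counts must agree, so a wildcard never spans more than one label.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Wildcard accepted only as the whole left-most label, and only
        # with at least two labels after it (rejects patterns like "*.nl").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_matches_host(hostname: str, common_name: str, san_dns=()) -> bool:
    """dNSName subjectAltName entries, when present, replace the CN entirely."""
    candidates = list(san_dns) if san_dns else [common_name]
    return any(dns_name_matches(name, hostname) for name in candidates)


if __name__ == "__main__":
    fqdn = "server-timo.van-roermund.nl"   # name from the message
    cn = "van-roermund.nl"                 # CN from the message

    # The certificate as described: CN is the parent domain, so no match.
    print("cert as described:", cert_matches_host(fqdn, cn))
    # Reissued with the FQDN as CN: match.
    print("CN set to FQDN:   ", cert_matches_host(fqdn, fqdn))
    # Constructed sample: keep the CN, add a wildcard dNSName SAN.
    print("wildcard SAN:     ", cert_matches_host(fqdn, cn, ["*.van-roermund.nl"]))
```
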