List: nssldap
Subject: [nssldap] SSL hostname checking
From: Antti Tikkanen <antti.tikkanen () hut ! fi>
Date: 2002-07-31 9:57:05

I have been puzzled for a while now, since I have not been able to get
nss_ldap with SSL (not TLS) working with some OpenLDAP library versions.

Specifically, OpenLDAP 2.0.11 works just fine. I had a problem with
LDAP_OPT_X_TLS_REQUIRE_CERT which it didn't seem to recognize, but
otherwise things worked fine.

However, when I tried OpenLDAP 2.0.23, things seemed to fail. I got an
LDAP_SERVER_DOWN error, which I traced down to an LDAP_CONNECTION_ERROR
from tls.c. This was because it was comparing (as I understand) the value
from the server's certificate to the value from the /etc/ldap.conf "host"
parameter. I was using the server's IP address in the conf file, so things
did not work. After I replaced the IP address with the server's hostname,
everything was ok.

I had set tls_checkpeer to 'no'. Is this supposed to happen? Anyways, if
someone else is having the same problem, this is the cause.

Regards,
Antti
--
Antti.Tikkanen@hut.fi
Helsinki University of Technology
Computing Centre
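
The mismatch described in the message above can be checked before deployment. The following is an added example, not part of the original post and not OpenLDAP's tls.c logic: it compares each `host` value from an ldap.conf against the names in a server certificate using RFC 2818 style rules. The sample certificate, the sample configuration, all function names, and the treatment of `host` as a space-separated list are assumptions.

```python
import ipaddress

# Constructed sample: certificate in the dict shape returned by Python's
# ssl.SSLSocket.getpeercert(); the names are placeholders, not from the post.
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap.example.org"),),),
    "subjectAltName": (("DNS", "ldap.example.org"), ("DNS", "*.dir.example.org")),
}
# Constructed sample ldap.conf contents (assumed: host is a space-separated list).
SAMPLE_CONF = "# client config\nhost 192.0.2.10 ldap.example.org\ntls_checkpeer no\n"

def conf_hosts(conf_text):
    """Return the values of the first 'host' directive, skipping comment lines."""
    for line in conf_text.splitlines():
        parts = line.split()
        if parts and parts[0].lower() == "host":
            return parts[1:]
    return []

def cert_names(cert):
    """Return (type, value) pairs: SAN entries if present, else the subject CN."""
    sans = list(cert.get("subjectAltName", ()))
    if sans:
        return sans
    return [("DNS", v) for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def dns_match(pattern, host):
    """Case-insensitive compare; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_matches_cert(host, cert):
    """True if the configured host is covered by a name in the certificate."""
    names = cert_names(cert)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal, so compare as a DNS name
        return any(t == "DNS" and dns_match(v, host) for t, v in names)
    # An IP literal matches only an "IP Address" SAN entry, never a DNS name.
    return any(t == "IP Address" and ipaddress.ip_address(v) == ip for t, v in names)

def audit(conf_text, cert):
    """Map each configured host to whether the certificate covers it."""
    return {h: host_matches_cert(h, cert) for h in conf_hosts(conf_text)}
```

A `False` entry in the result of `audit()` marks a `host` value that a name-checking client would reject for that certificate.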