[John S. Skogtvedt] > In other words, if the certificate Common Name is "ldap", one has to > connect to the server using the hostname "ldap". I know that that > worked in lenny at least, I'll be very surprised if it doesn't in > squeeze (but at least in lenny ldapvi had a bug making it the only > program not to accept the certificate).
I suspect something changed between Lenny and Squeeze, as certificate checking seem to have become stricter. > This said, one can make it possible to use both "ldap" and > "ldap.intern". Use e.g. "ldap.intern" as the Common Name, and put > "DNS:ldap" in the subjectAltName (google openssl subjectAltName for > more information). Sound like a better idea, as it do not force us to change all instances of ldap to ldap.intern. Testing it now. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
