Thanks for getting back to us!

Just to be sure, I also checked xenial and trusty, and the results are the same:
ubuntu@xenial-ldap-start-tls-1835181:~$ ldapwhoami -x -H ldaps://xenial-ldap-start-tls-1835181.lxd/ -d -1 2>&1 | grep ^TLS
TLS: hostname (xenial-ldap-start-tls-1835181.lxd) does not match common name in certificate (ubuntu).

ubuntu@xenial-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h xenial-ldap-start-tls-1835181.lxd -d -1 2>&1 | grep ^TLS
TLS: hostname (xenial-ldap-start-tls-1835181.lxd) does not match common name in certificate (ubuntu).

ubuntu@xenial-ldap-start-tls-1835181:~$ ldapwhoami -x -H ldaps://ubuntu
anonymous
ubuntu@xenial-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h ubuntu
anonymous


Trusty is also fine:
ubuntu@trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -H ldaps://ubuntu
anonymous
ubuntu@trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -H ldaps://trusty-ldap-start-tls-1835181.lxd
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
ubuntu@trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -H ldaps://trusty-ldap-start-tls-1835181.lxd -d -1 2>&1 | grep ^TLS
TLS: hostname (trusty-ldap-start-tls-1835181.lxd) does not match common name in certificate (ubuntu).
ubuntu@trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h ubuntu
anonymous
ubuntu@trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h trusty-ldap-start-tls-1835181.lxd
ldap_start_tls: Connect error (-11)
        additional info: TLS: hostname does not match CN in peer certificate
ubuntu@trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h trusty-ldap-start-tls-1835181.lxd -d -1 2>&1 | grep ^TLS
TLS: hostname (trusty-ldap-start-tls-1835181.lxd) does not match common name in certificate (ubuntu).
ubuntu@trusty-ldap-start-tls-1835181:~$ 


Cheers!


** Changed in: openldap (Ubuntu)
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1835181

Title:
  OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between
  ldaps:// and ldap:// with STARTTLS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1835181/+subscriptions

-- 
Mailing list: https://launchpad.net/~enterprise-support
Post to     : enterprise-support@lists.launchpad.net
Unsubscribe : https://launchpad.net/~enterprise-support
More help   : https://help.launchpad.net/ListHelp
