Howard Chu wrote:
> Michael Ströder wrote:
>> HI!
>>
>> I vaguely remember that there were code changes to the hostname cert
>> checking when connecting via StartTLS ext.op. or LDAPS. But I'd prefer
>> if the default behaviour would be strict like it was.
>
> You'll have to be more specific. What are you seeing that it doesn't do
> any more?

The server cert has this subject name for server name nb2.stroeder.local:

/C=DE/L=Karlsruhe/O=stroeder.com/OU=ITS/CN=nb2.stroeder.local

But I can successfully connect to it with this command:

ldapsearch -H ldaps://localhost:1391

From my understanding this should not be possible by default.

Ciao, Michael.