[email protected] wrote:
> Full_Name: Singam Sudhir Reddy
> Version: master branch
> OS: fedora
> URL: ftp://ftp.openldap.org/incoming/sudhirsingam-180506.patch
> Submission from: (NULL) (61.1.232.154)
>
>
> The attached file is derived from OpenLDAP Software. All of the modifications to
> OpenLDAP Software represented in the following patch(es) were developed by
> NOKIA. NOKIA has not assigned rights and/or interest in this work to any party.
> I, SINGAM SUDHIR REDDY authorized by NOKIA, my employer, to release this work
> under the following terms.
>
> NOKIA hereby place the following modifications to OpenLDAP Software (and only
> these modifications) into the public domain. Hence, these modifications may be
> freely used and/or redistributed for any purpose with or without attribution
> and/or other notice.
>
> ****
> Description:
>
> This is minor enhancement to introduce a new LDAP option
> "LDAP_OPT_X_TLS_DEMAND_EXCL_HOSTNAME_CHECK" to ignore hostname checking by
> client in TLS communication mode. This is very similar to
> "LDAP_OPT_X_TLS_DEMAND" LDAP option except that HOSTNAME checking is ignored.
>
> This option can be set by client either by using LDAP API "ldap_set_option" or
> can be globally set in the configuration file /etc/openldap/ldap.conf like
> below.
>
> TLS_REQCERT demand_excl_hostname_check
>
> Purpose:
>
> Generally operators use same set of certificates for different services (from
> different hosts) which support TLS communication. When such certificates are
> used, this option gives facility for openldap based services to ignore hostname
> checking at client side.

No. If you're using a single set of certificates for multiple hosts you should
be using a wildcard cert. Closing this ITS.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
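
An added example, not part of the original thread and not OpenLDAP's own code: a sketch of RFC 6125-style matching showing how one wildcard certificate covers several LDAP hosts while the client's hostname check stays on, and which names it does not cover. The hostnames, the SAN list and the function names are constructed for illustration; only dNSName entries are handled.

```python
# Added illustration: RFC 6125-style matching of a server hostname against
# certificate subjectAltName dNSName entries. Hostnames are constructed samples.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def dns_name_matches(pattern, hostname):
    """True if one SAN dNSName pattern covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard is honoured only as the whole left-most label, stands for
        # exactly one label, and needs at least two fixed labels after it.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # No wildcard label: exact match; partial wildcards like "ld*" are rejected.
    return "*" not in pattern and p == h

def cert_covers(san_dns_names, hostname):
    """True if any SAN entry matches the host the client meant to reach."""
    return any(dns_name_matches(s, hostname) for s in san_dns_names)

# Constructed sample: one certificate shared by several LDAP servers.
SHARED_CERT_SANS = ["*.dir.example.com"]

def check_hosts(hosts, sans=SHARED_CERT_SANS):
    return {h: cert_covers(sans, h) for h in hosts}

if __name__ == "__main__":
    for host, ok in check_hosts([
        "ldap1.dir.example.com",    # covered
        "ldap2.dir.example.com",    # covered
        "dir.example.com",          # apex: not covered
        "a.ldap1.dir.example.com",  # two labels deep: not covered
        "ldap1.dir.example.net",    # different domain: not covered
    ]).items():
        print(f"{host:28} {'match' if ok else 'REJECT'}")
```

Hosts outside the wildcard's single label (the apex name, deeper subdomains) need their own SAN entries in the shared certificate.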
