Dieter Kluenter wrote:
> Hi,
> I just wonder whether this is a bug in openSSL or in openLDAP, anyhow
> the subjectAltName attribute values are not honoured.
> openssl-0.9.8k-3.5.3.x86_64
> openldap-2.4.21
>
> ldapwhoami -Y EXTERNAL -ZZ -H ldap://localhost
> ldap_start_tls: Connect error (-11)
> additional info: TLS: hostname does not match CN in peer certificate
>
> openssl x509 -in cert.pem -noout -text
> Subject: C=DE, L=Hamburg, O=AVCI, OU=Certificate Authority,
> CN=rubin.avci.de/[email protected]
> ...
> X509v3 Subject Alternative Name:
> DNS:localhost, DNS:ldap.xxxx.de, DNS:dkluenter.xxxx.org
>
> Not to mention that this is OK with other versions of openldap and
> openssl.
>
> -Dieter
>

Show the output with debugging enabled. Note that "localhost" is treated specially, and will be replaced by the local hostname instead of being used directly in the name comparison.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
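An added illustration of the name check discussed in the thread, written for this page and not code from OpenLDAP or OpenSSL. It parses the subject CN and the dNSName SAN entries out of `openssl x509 -text` style output (a constructed sample built from the values Dieter quoted), then compares a requested hostname against them the way RFC 6125 prescribes: SAN entries are authoritative when present, a wildcard only covers the left-most label, and the CN is consulted only when the certificate carries no dNSName SAN at all. Before comparing, `localhost` is replaced by the machine's own name, which is the behaviour Howard points out; the use of `socket.gethostname()` for that substitution, the `local_hostname` override and the function names are assumptions of this example. Note that some clients fall back to the CN even when SANs are present; that variant is not implemented here.

```python
import re
import socket

# Constructed sample of `openssl x509 -noout -text` output, built from the subject and
# SAN values quoted in the thread. The "xxxx" redactions and the archive's
# "[email protected]" placeholder are kept exactly as they appear on the list.
SAMPLE_X509_TEXT = """\
Certificate:
    Data:
        Subject: C=DE, L=Hamburg, O=AVCI, OU=Certificate Authority, CN=rubin.avci.de/emailAddress=[email protected]
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:localhost, DNS:ldap.xxxx.de, DNS:dkluenter.xxxx.org
"""


def parse_cert_text(text):
    """Return (cn, [dns_san, ...]) from `openssl x509 -text` style output.

    Only the subject CN and the dNSName entries of the SAN extension are
    extracted; other SAN types (IP, email, URI) are ignored for this check.
    """
    cn = None
    m = re.search(r"^\s*Subject:.*?\bCN=([^,/\n]+)", text, re.MULTILINE)
    if m:
        cn = m.group(1).strip()
    san = []
    m = re.search(r"Subject Alternative Name:\s*(.+)", text)
    if m:
        for entry in m.group(1).split(","):
            entry = entry.strip()
            if entry.startswith("DNS:"):
                san.append(entry[4:].strip().lower())
    return cn, san


def matches_name(pattern, hostname):
    """RFC 6125 style comparison: case-insensitive, '*' allowed only as the
    whole left-most label and only when at least two labels follow it."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def verify_hostname(cert_text, hostname, local_hostname=None):
    """Return (ok, reason) for `hostname` against the certificate text.

    'localhost' is swapped for the machine's real name before comparison,
    mirroring the client behaviour described in the thread (gethostname()
    is this example's assumption for how that name is obtained).
    """
    if hostname.lower() == "localhost":
        hostname = local_hostname or socket.gethostname()
    cn, san = parse_cert_text(cert_text)
    if san:
        # dNSName SANs present: they decide, the CN is not consulted.
        for name in san:
            if matches_name(name, hostname):
                return True, "matched SAN DNS:%s" % name
        return False, "%r not in SAN %s (CN ignored because SAN is present)" % (hostname, san)
    if cn and matches_name(cn, hostname):
        return True, "matched CN=%s (no dNSName SAN present)" % cn
    return False, "%r does not match CN=%s" % (hostname, cn)


if __name__ == "__main__":
    # Pretend the local machine is called rubin.avci.de, as in the quoted subject.
    for host in ("localhost", "ldap.xxxx.de", "rubin.avci.de"):
        print(host, "->", verify_hostname(SAMPLE_X509_TEXT, host, local_hostname="rubin.avci.de"))
```

Running it shows why `DNS:localhost` in the SAN does not help: the client never compares against the literal string `localhost`, so the certificate has to carry whatever name the substitution yields. When debugging a failure like Dieter's, compare the name the client actually uses (the substituted one, visible in the debug output Howard asks for) with the parsed SAN list rather than with the CN.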
