Noël Köthe wrote:
Hello,
(openldap 2.4.25 on Debian GNU/Linux)
TLS_REQCERT allow is documented with
"The server certificate is requested. If no certificate is provided, the
session proceeds normally. If a bad certificate is provided, it will be
ignored and the session proceeds normally."
But if I test it, it looks like the common name (CN) is checked against
the hostname of the server:
See ITS#7014.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/