Any one of these issues could be responsible? Just checking.
OpenLDAP 2.4.46 Release (2018/03/22)
Fixed libldap connection delete callbacks when TLS fails to
start (ITS#8717)
Fixed libldap to not reuse tls_session if TLS hostname check
fails (ITS#7373)
Thanks
On Wed, Jun 22, 2022 at 7:51 AM Quanah Gibson-Mount
<[email protected]> wrote:
>
> --On Tuesday, June 21, 2022 11:29 PM -0700 radiatejava
> <[email protected]> wrote:
>
> > I raised the issue https://bugs.openldap.org/show_bug.cgi?id=9869 but
> > it has been set to verified/invalid state now. However, I do not know
> > which version addresses the issue. Can anyone tell me which version
> > would still verify the hostname when doing LDAP over TLS.
>
> The OpenLDAP 2.4 series is historic, no bug reports for it will be
> considered.
>
> No changes have been made to OpenLDAP 2.4 series to disable hostname
> verification by the OpenLDAP project. If you are using libraries provided
> by downstream distributions, they may have made unauthorized changes to how
> libldap functions in regards to TLS. Additionally, if you were using an
> OpenSSL linked libldap and are now using a GnuTLS linked libldap, then some
> behaviors are different as documented in the man pages.
>
> Generally I'd advise starting with a supported version of OpenLDAP.
>
> Regards,
> Quanah