Re: (ITS#9021) TLS: can't connect: TLS: hostname does not match CN in peer certificate

2019-05-10 Thread darshankmistry
Thank you, this case can be closed. I appreciate all your help and clarification. Thanks again.

Thank you,
Darshankumar Mistry
darshankmis...@yahoo.com

On Friday, May 10, 2019, 1:53:16 PM PDT, Howard Chu wrote:
 darshankmis...@yahoo.com wrote:
> Thank you very much for the quick response and the OpenLDAP behavior configuration.
> How can we ignore the server name in the subject of the certificate so I can use the LDAP server IP address instead of the host name?
> Also, I want to know if there is any open CVE which says it is a vulnerability to use the LDAP server IP address instead of the name in the ldap configuration.

Add the IP address in a subjectAlternativeName extension to your server certificate.

The behavior here is specified in RFC4513.
>
>
> Thank you,
> Darshankumar Mistry
> darshankmis...@yahoo.com
>
> On Friday, May 10, 2019, 12:58:38 PM PDT, Quanah Gibson-Mount wrote:
>
> --On Friday, May 10, 2019 8:52 PM + darshankmis...@yahoo.com wrote:
>
>> Full_Name: Darshankumar Mistry
>> Version:
>> OS:
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (2001:420:10b:1272:fc1b:1ea:d311:6cac)
>>
>>
>> I would like to know why the OpenLDAP behavior was changed so that we must
>> configure the FQDN name mentioned in the certificate in order for LDAP
>> authentication to work... else TLS starts failing.
>
> OpenLDAP has worked this way since I first started using it in 2002.  This
> behavior is nothing new.  And this is the correct behavior.
>
> This ITS will be closed.
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
>

Re: (ITS#9021) TLS: can't connect: TLS: hostname does not match CN in peer certificate

2019-05-10 Thread hyc
darshankmis...@yahoo.com wrote:
> Thank you very much for the quick response and the OpenLDAP behavior configuration.
> How can we ignore the server name in the subject of the certificate so I can use the LDAP server IP address instead of the host name?
> Also, I want to know if there is any open CVE which says it is a vulnerability to use the LDAP server IP address instead of the name in the ldap configuration.

Add the IP address in a subjectAlternativeName extension to your server
certificate.

The behavior here is specified in RFC4513.
>
>
> Thank you,
> Darshankumar Mistry
> darshankmis...@yahoo.com
>
> On Friday, May 10, 2019, 12:58:38 PM PDT, Quanah Gibson-Mount wrote:
>
> --On Friday, May 10, 2019 8:52 PM + darshankmis...@yahoo.com wrote:
>
>> Full_Name: Darshankumar Mistry
>> Version:
>> OS:
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (2001:420:10b:1272:fc1b:1ea:d311:6cac)
>>
>>
>> I would like to know why the OpenLDAP behavior was changed so that we must
>> configure the FQDN name mentioned in the certificate in order for LDAP
>> authentication to work... else TLS starts failing.
>
> OpenLDAP has worked this way since I first started using it in 2002.  This
> behavior is nothing new.  And this is the correct behavior.
>
> This ITS will be closed.
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
>
>


-- 
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/





Re: (ITS#9021) TLS: can't connect: TLS: hostname does not match CN in peer certificate

2019-05-10 Thread quanah
--On Friday, May 10, 2019 9:32 PM + darshan mistry wrote:

> How can we ignore the server name in the subject of the certificate so I can
> use the LDAP server IP address instead of the host name?

If you want to allow connecting over the IP address with TLS, then add it 
as a subjectAltName value in the certificate, for example:

subjectAltName=IP:1.2.3.4

> Also, I want to know if there is any open CVE which says it is a
> vulnerability to use the LDAP server IP address instead of the name in the ldap
> configuration.

I'm not aware of any such CVE or why there would be one.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

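The server identity check this thread turns on, written out as an added Python example (not libldap's code): the certificate is given in the dict shape that Python's ssl.SSLSocket.getpeercert() returns, both sample certificates are constructed, and the matching rules follow RFC 6125 (an IP literal is compared only with iPAddress SAN entries, the CN is consulted only when no dNSName SAN exists), which is an assumption about how closely libldap's own fallback behaves.

```python
import ipaddress

# Certificates use the dict shape returned by ssl.SSLSocket.getpeercert(),
# so a real peer certificate can be passed in.  Both samples are constructed.
CERT_CN_ONLY = {"subject": ((("commonName", "ldap.example.com"),),)}
CERT_WITH_IP_SAN = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (("DNS", "ldap.example.com"), ("IP Address", "1.2.3.4")),
}

def _common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def _dns_match(pattern, host):
    """dNSName match: case-insensitive; a wildcard is accepted only as the
    whole leftmost label and matches only a single label of the host."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    labels = host.split(".")
    return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]

def identity_matches(cert, target):
    """True if `target` (the host name or IP literal the client connected
    to) is an identity the certificate asserts (RFC 6125-style rules)."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with iPAddress SAN entries; a CN of
        # "ldap.example.com" can never satisfy it, hence the error in the thread.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)
    dns_names = [v for k, v in sans if k == "DNS"]
    if dns_names:
        return any(_dns_match(p, target) for p in dns_names)
    return any(_dns_match(cn, target) for cn in _common_names(cert))  # CN fallback

def check_its9021_scenarios():
    """Connecting by IP fails against the CN-only cert, succeeds once
    IP:1.2.3.4 is a SAN, and the host name keeps working either way."""
    return {
        "ip_vs_cn_only": identity_matches(CERT_CN_ONLY, "1.2.3.4"),
        "ip_vs_san": identity_matches(CERT_WITH_IP_SAN, "1.2.3.4"),
        "host_vs_cn_only": identity_matches(CERT_CN_ONLY, "ldap.example.com"),
        "host_vs_san": identity_matches(CERT_WITH_IP_SAN, "LDAP.Example.COM"),
    }
```

Pointing the client at an IP address while the certificate carries only a CN reproduces the "hostname does not match" failure; adding the IP as a SAN, as both replies advise, is what makes the first scenario pass.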






Re: (ITS#9021) TLS: can't connect: TLS: hostname does not match CN in peer certificate

2019-05-10 Thread darshankmistry

Thank you very much for the quick response and the OpenLDAP behavior configuration.
How can we ignore the server name in the subject of the certificate so I can use the LDAP server IP address instead of the host name?
Also, I want to know if there is any open CVE which says it is a vulnerability to use the LDAP server IP address instead of the name in the ldap configuration.


Thank you,
Darshankumar Mistry
darshankmis...@yahoo.com

On Friday, May 10, 2019, 12:58:38 PM PDT, Quanah Gibson-Mount wrote:

--On Friday, May 10, 2019 8:52 PM + darshankmis...@yahoo.com wrote:

> Full_Name: Darshankumar Mistry
> Version:
> OS:
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:420:10b:1272:fc1b:1ea:d311:6cac)
>
>
> I would like to know why the OpenLDAP behavior was changed so that we must
> configure the FQDN name mentioned in the certificate in order for LDAP
> authentication to work... else TLS starts failing.

OpenLDAP has worked this way since I first started using it in 2002.  This
behavior is nothing new.  And this is the correct behavior.

This ITS will be closed.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:







Re: (ITS#9021) TLS: can't connect: TLS: hostname does not match CN in peer certificate

2019-05-10 Thread quanah
--On Friday, May 10, 2019 8:52 PM + darshankmis...@yahoo.com wrote:

> Full_Name: Darshankumar Mistry
> Version:
> OS:
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:420:10b:1272:fc1b:1ea:d311:6cac)
>
>
> I would like to know why the OpenLDAP behavior was changed so that we must
> configure the FQDN name mentioned in the certificate in order for LDAP
> authentication to work... else TLS starts failing.

OpenLDAP has worked this way since I first started using it in 2002.  This 
behavior is nothing new.  And this is the correct behavior.

This ITS will be closed.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:







(ITS#9021) TLS: can't connect: TLS: hostname does not match CN in peer certificate

2019-05-10 Thread darshankmistry
Full_Name: Darshankumar Mistry
Version: 
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:420:10b:1272:fc1b:1ea:d311:6cac)


I would like to know why the OpenLDAP behavior was changed so that we must
configure the FQDN name mentioned in the certificate in order for LDAP
authentication to work... else TLS starts failing.

I am getting the below error, and I know that I am using the IP address of the LDAP
server in my configuration instead of the certificate subject name (the FQDN of the
LDAP server):

TLS: can't connect: TLS: hostname does not match CN in peer certificate