Re: Net::LDAPS not checking hostname in certificate: PATCH

2007-06-12 Thread Chris Ridd
On 6/6/07 3:01, "Christopher Odenbach" <[EMAIL PROTECTED]> wrote:
> still working on that. Net::SSLeay supports fetching the cn from the
> certificate, but I am still looking for subjectAltName field support.

I'll take a look.

> This is nasty stuff. As far as I know the hostname has to be conver

Re: Net::LDAPS not checking hostname in certificate: PATCH

2007-06-06 Thread Christopher Odenbach
Hi,

> Great start! There are a couple of ways it could be improved (IMO):
>
> * it should be picking up the certificate's hostname from the
> subjectAltName field, and only if that's not found look in the DN

still working on that. Net::SSLeay supports fetching the cn from the certificate, but I

Re: Net::LDAPS not checking hostname in certificate: PATCH

2007-05-16 Thread Christopher Odenbach
Hi,

> > Something should definitely implement that check. I guess it is up
> > to Net::LDAP to do that, because the algorithm to find the
> > hostname/ address
> > might be different for different application protocols using
> > IO::Socket::SSL.
>
> Yes. The LDAP checks are described in RFC 4513

Re: Net::LDAPS not checking hostname in certificate: PATCH

2007-05-16 Thread Chris Ridd
On 16/5/07 12:26, "Christopher Odenbach" <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
>>> Something should definitely implement that check. I guess it is up
>>> to Net::LDAP to do that, because the algorithm to find the
>>> hostname/ address
>>> might be different for different application protocols usi

Re: Net::LDAPS not checking hostname in certificate

2007-05-14 Thread Kurt Zeilenga
On May 14, 2007, at 7:08 AM, Chris Ridd wrote: Something should definitely implement that check. I guess it is up to Net::LDAP to do that, because the algorithm to find the hostname/ address might be different for different application protocols using IO::Socket::SSL. Yes. The LDAP checks

Re: Net::LDAPS not checking hostname in certificate

2007-05-14 Thread Chris Ridd
On 14/5/07 8:39, "Christopher Odenbach" <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> Net::LDAP::Security states correctly, that an SSL connection must be
> verified by two things:
>
> 1. a correct certificate chain
> 2. a matching hostname in the certificate
>
> The document states further on that t