Quanah Gibson-Mount wrote:
Ok. Does your certificate have a proper cn, matching the fqdn of your
server? That's the only other case where I can reproduce the described
behavior, but I don't know if that's a behavior change relative to the
OpenSSL version. (I would have hoped that OpenSSL would also refuse to
negotiate SSL/TLS with a server whose cn doesn't match the hostname being
connected to, since this subverts the SSL security model.)
OpenLDAP compiled with OpenSSL behaves the same way. i.e, the cn in the
cert must match the servername (or the fields on subjectAltName, etc).
FQDN: server-timo.van-roermund.nl
CN: van-roermund.nl
Will that be the problem? If so, then the behaviour of GnuTLS *is*
different from the behavious of OpenSSL. I will test it and let you know.
Regards,
Timo
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
