On Thu, Aug 12, 2010 at 10:27:01AM +0200, Petter Reinholdtsen wrote:
[John S. Skogtvedt]In other words, if the certificate Common Name is "ldap", one has to connect to the server using the hostname "ldap". I know that that worked in lenny at least, I'll be very surprised if it doesn't in squeeze (but at least in lenny ldapvi had a bug making it the only program not to accept the certificate).I suspect something changed between Lenny and Squeeze, as certificate checking seem to have become stricter.
Perhaps what changed was simply host resolving - to more aggressively resolve FQDN instead of only hostname.
- Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: Digital signature
