[Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS

Wed, 10 Jul 2019 05:51:01 -0700 

Thanks for getting back to us!

Just to be sure, I also checked xenial and trusty, and the results are the same:
ubuntu@xenial-ldap-start-tls-1835181:~$ ldapwhoami -x -H 
ldaps://xenial-ldap-start-tls-1835181.lxd/ -d -1 2>&1 | grep ^TLS
TLS: hostname (xenial-ldap-start-tls-1835181.lxd) does not match common name in 
certificate (ubuntu).

ubuntu@xenial-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h 
xenial-ldap-start-tls-1835181.lxd -d -1 2>&1 | grep ^TLS
TLS: hostname (xenial-ldap-start-tls-1835181.lxd) does not match common name in 
certificate (ubuntu).

ubuntu@xenial-ldap-start-tls-1835181:~$ ldapwhoami -x -H ldaps://ubuntu
anonymous
ubuntu@xenial-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h ubuntu
anonymous


Trusty is also fine:
ubuntu@trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -H ldaps://ubuntu
anonymous
ubuntu@trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -H 
ldaps://trusty-ldap-start-tls-1835181.lxd
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
ubuntu@trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -H 
ldaps://trusty-ldap-start-tls-1835181.lxd -d -1 2>&1 | grep ^TLS
TLS: hostname (trusty-ldap-start-tls-1835181.lxd) does not match common name in 
certificate (ubuntu).
ubuntu@trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h ubuntu
anonymous
ubuntu@trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h 
trusty-ldap-start-tls-1835181.lxd
ldap_start_tls: Connect error (-11)
        additional info: TLS: hostname does not match CN in peer certificate
ubuntu@trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h 
trusty-ldap-start-tls-1835181.lxd -d -1 2>&1 | grep ^TLS
TLS: hostname (trusty-ldap-start-tls-1835181.lxd) does not match common name in 
certificate (ubuntu).
ubuntu@trusty-ldap-start-tls-1835181:~$ 


Cheers!


** Changed in: openldap (Ubuntu)
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835181

Title:
  OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between
  ldaps:// and ldap:// with STARTTLS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1835181/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to