[Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS
Andreas Hasenack
andreas at canonical.com
Wed Jul 10 12:44:33 UTC 2019
Thanks for getting back to us!

Just to be sure, I also checked xenial and trusty, and the results are the same:

ubuntu at xenial-ldap-start-tls-1835181:~$ ldapwhoami -x -H ldaps://xenial-ldap-start-tls-1835181.lxd/ -d -1 2>&1 | grep ^TLS
TLS: hostname (xenial-ldap-start-tls-1835181.lxd) does not match common name in certificate (ubuntu).
ubuntu at xenial-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h xenial-ldap-start-tls-1835181.lxd -d -1 2>&1 | grep ^TLS
TLS: hostname (xenial-ldap-start-tls-1835181.lxd) does not match common name in certificate (ubuntu).
ubuntu at xenial-ldap-start-tls-1835181:~$ ldapwhoami -x -H ldaps://ubuntu
anonymous
ubuntu at xenial-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h ubuntu
anonymous

Trusty is also fine:

ubuntu at trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -H ldaps://ubuntu
anonymous
ubuntu at trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -H ldaps://trusty-ldap-start-tls-1835181.lxd
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
ubuntu at trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -H ldaps://trusty-ldap-start-tls-1835181.lxd -d -1 2>&1 | grep ^TLS
TLS: hostname (trusty-ldap-start-tls-1835181.lxd) does not match common name in certificate (ubuntu).
ubuntu at trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h ubuntu
anonymous
ubuntu at trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h trusty-ldap-start-tls-1835181.lxd
ldap_start_tls: Connect error (-11)
additional info: TLS: hostname does not match CN in peer certificate
ubuntu at trusty-ldap-start-tls-1835181:~$ ldapwhoami -x -ZZ -h trusty-ldap-start-tls-1835181.lxd -d -1 2>&1 | grep ^TLS
TLS: hostname (trusty-ldap-start-tls-1835181.lxd) does not match common name in certificate (ubuntu).
ubuntu at trusty-ldap-start-tls-1835181:~$

Cheers!
** Changed in: openldap (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1835181
Title:
OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between
ldaps:// and ldap:// with STARTTLS
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1835181/+subscriptions
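The comparison above is done by eye: run ldapwhoami once over ldaps:// and once with STARTTLS (-ZZ), and check that the TLS hostname check fails (or passes) identically on both transports. The following is an added example, not part of this bug comment or of OpenLDAP itself: a small parser for `ldapwhoami -d -1` output that extracts the libldap hostname-mismatch diagnostic (the `TLS: hostname (...) does not match common name in certificate (...)` line shown in the transcript), notes the bind outcome, and reports whether the two transports agree. The sample outputs embedded below are constructed to mirror the transcript; the function and field names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Format of the libldap debug line seen in the transcript above; the
# requested hostname and the certificate CN are captured from it.
MISMATCH_RE = re.compile(
    r"^TLS: hostname \((?P<host>[^)]+)\) does not match common name "
    r"in certificate \((?P<cn>[^)]+)\)\.$"
)

# Error prefixes emitted by the ldap client tools when the connection or
# the STARTTLS negotiation fails (both appear in the transcript).
ERROR_PREFIXES = ("ldap_sasl_bind(SIMPLE):", "ldap_start_tls:")


@dataclass
class TlsCheckResult:
    transport: str                       # "ldaps" or "starttls"
    hostname_verified: Optional[bool]    # False: mismatch reported, True: bind succeeded, None: undetermined
    requested_host: Optional[str] = None
    cert_cn: Optional[str] = None
    error: Optional[str] = None


def parse_ldap_debug(transport: str, output: str) -> TlsCheckResult:
    """Classify the outcome of one ldapwhoami run from its (debug) output."""
    result = TlsCheckResult(transport=transport, hostname_verified=None)
    for raw in output.splitlines():
        line = raw.strip()
        m = MISMATCH_RE.match(line)
        if m:
            # A mismatch diagnostic is authoritative, whatever else is printed.
            result.hostname_verified = False
            result.requested_host = m.group("host")
            result.cert_cn = m.group("cn")
            continue
        if line.startswith(ERROR_PREFIXES):
            result.error = line
            continue
        # ldapwhoami prints the bound identity ("anonymous" for -x with no
        # DN) only after the TLS handshake and bind succeeded.
        if line == "anonymous" and result.hostname_verified is None:
            result.hostname_verified = True
    return result


def transports_agree(ldaps: TlsCheckResult, starttls: TlsCheckResult) -> bool:
    """True when ldaps:// and STARTTLS reach the same verification verdict."""
    return ldaps.hostname_verified == starttls.hostname_verified


# Constructed samples modelled on the transcript (debug noise omitted).
LDAPS_MISMATCH = """\
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
TLS: hostname (trusty-ldap-start-tls-1835181.lxd) does not match common name in certificate (ubuntu).
"""
STARTTLS_MISMATCH = """\
ldap_start_tls: Connect error (-11)
additional info: TLS: hostname does not match CN in peer certificate
TLS: hostname (trusty-ldap-start-tls-1835181.lxd) does not match common name in certificate (ubuntu).
"""
LDAPS_OK = "anonymous\n"
STARTTLS_OK = "anonymous\n"


if __name__ == "__main__":
    for label, a, b in (("mismatch", LDAPS_MISMATCH, STARTTLS_MISMATCH),
                        ("matching CN", LDAPS_OK, STARTTLS_OK)):
        r1 = parse_ldap_debug("ldaps", a)
        r2 = parse_ldap_debug("starttls", b)
        print(f"{label}: ldaps={r1.hostname_verified} starttls={r2.hostname_verified} "
              f"agree={transports_agree(r1, r2)}")
```

Feed it the raw `-d -1` output rather than the `grep ^TLS` subset when in doubt: the parser ignores unrelated debug lines, and keeping the `ldap_start_tls:` / `ldap_sasl_bind` error line lets you see which phase failed on each transport.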