git.sur5r.net Git - openldap/commit
ITS#7014 TLS: don't check hostname if reqcert is 'allow'
author Jan Vcelak <jvcelak@redhat.com>
Tue, 9 Aug 2011 13:21:34 +0000 (15:21 +0200)
committer Howard Chu <hyc@openldap.org>
Wed, 24 Aug 2011 22:27:29 +0000 (15:27 -0700)
commit 3dae953fd6648f655c6bc67702fad4debbe59c40
tree bd429a349184ef60ecbdfb13c9eaeedc8ef5050f
parent fdb3443366d1b71f60955f565307bf5232cacb8e
ITS#7014 TLS: don't check hostname if reqcert is 'allow'

If server certificate hostname does not match the server hostname,
connection is closed even if client has set TLS_REQCERT to 'allow'. This
is wrong - the documentation says that bad certificates are being
ignored when TLS_REQCERT is set to 'allow'.
libraries/libldap/tls2.c
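
A defender's view of the setting this commit message describes, as an added example that is not part of the OpenLDAP commit: a Python check that scans ldap.conf-style text for TLS_REQCERT levels under which a bad server certificate does not stop the connection. The level names and case-insensitive keyword matching follow ldap.conf(5); `audit_reqcert` and the sample text are constructed for illustration.

```python
# Added example (not OpenLDAP code): flag TLS_REQCERT levels that tolerate
# a bad server certificate in ldap.conf-style configuration text.

# Levels as documented in ldap.conf(5); the reasons paraphrase that man page
# and the commit message above.
WEAK_LEVELS = {
    "never": "server certificate is not requested or checked",
    "allow": "bad certificate is ignored, hostname mismatch included",
}
KNOWN_LEVELS = {"never", "allow", "try", "demand", "hard"}

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# client defaults
URI ldaps://ldap.example.org
TLS_CACERT /etc/ssl/certs/ca.pem
tls_reqcert allow
TLS_REQCERT demand
"""


def audit_reqcert(text, source="<inline>"):
    """Return (source, line_no, level, reason) for each risky TLS_REQCERT line."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no option
        parts = line.split(None, 1)
        if parts[0].upper() != "TLS_REQCERT":  # option names are case-insensitive
            continue
        level = parts[1].strip().lower() if len(parts) == 2 else ""
        if level in WEAK_LEVELS:
            findings.append((source, line_no, level, WEAK_LEVELS[level]))
        elif level not in KNOWN_LEVELS:
            findings.append((source, line_no, level, "unrecognised level"))
    return findings


if __name__ == "__main__":
    for src, line_no, level, reason in audit_reqcert(SAMPLE, "sample ldap.conf"):
        print(f"{src}:{line_no}: TLS_REQCERT {level}: {reason}")
```

Every occurrence is reported, so an `allow` line that a later `demand` line follows still shows up for review.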