Emmanuel BILLOT wrote:
I'm not sure how it's possible. Yes, by default the hostname is checked. This is controlled by the attribute nsslapd-ssl-check-hostname in cn=config. By default this is "on".Hi,During our many tests, we've seen a particular behaviour in certs checking, so wewander if it is not as misconfiguration of our server :We have installed 2 FDS and replication agrements between it. Those replication agrement are configurated with the "SSL connection" option enable, "simple authentification" and a replication manager. A certificate have been generated for each server, using is FQDN. Replication is ok. However, we 've made a mistake in a tests, and one cert was generated with DNS hostname different from the server it was destinated for and replication is still working...How is it possible ? Is there any hostname controle in the SSL connection ?
Ex: toutou.gaia.net (with cert signed toutou.gaia.intranet.net) is replicating with gri.gaia.net (with cert signed gri.gaia.net)BR,
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
