Michael Ströder wrote: > Howard Chu wrote: >> Show the output with debugging enabled. Note that "localhost" is treated >> specially, and will be replaced by the local hostname instead of being used >> directly in the name comparison. > > Why that? I strongly dislike automagic things when doing security checks.
Probably because "localhost" is useless in an actual cert from a remote server. This has been a feature of libldap since 2.1, so it's certainly nothing new. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/