On Thu, Feb 27, 2020 at 12:23:07AM +0000, Howard Chu wrote:
> Brian Reichert wrote:
> >> An interesting fact is that if the CN is set to the fqdn like
> >> dc01.mydomain.ch (not ldap.mydomain.ch), it works perfectly (with
> >> ldap.mydomain.ch as SAN).
> >
> > I may be misreading this, but this sounds like a TLS issue.
>
> Wrong. The above error message comes from libldap.

Thanks for the clarification; I've not seen this class of error before...

> Definitely sounds like the SAN is not set correctly in the cert,
> but this is definitely libldap complaining, the TLS library doesn't
> do this hostname check.
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/

--
Brian Reichert <[email protected]>
BSD admin/developer at large
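The thread turns on which name in the server certificate a client compares against the hostname it connected to. The following is an added illustration, not code from this thread or from OpenLDAP/libldap, of the rule a standards-following client applies (RFC 6125 style): when the certificate carries subjectAltName dNSName entries, only those are consulted and the subject CN is ignored; the CN is a fallback only when no SAN is present. The certificates are constructed dicts in the shape Python's ssl.SSLSocket.getpeercert() returns, and the "SAN names the wrong host" case is a hypothetical built to show why a CN that looks right can still be rejected. libldap's own matching code is not reproduced here.

```python
"""Hostname verification against a server certificate, RFC 6125 style.

SAN dNSName entries are authoritative when present; the subject CN is
consulted only when the certificate has no SAN at all.  Certificates
below are constructed dicts in the shape returned by
ssl.SSLSocket.getpeercert(); they are not real certificates.
"""
from __future__ import annotations


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName pattern against a hostname.

    A wildcard is honoured only as the entire left-most label
    (e.g. '*.mydomain.ch') and never spans more than one label.
    Comparison is case-insensitive, as DNS names are.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Wildcard must be the whole left-most label and must leave at least
    # two fixed labels, so '*.ch' is rejected; label counts must agree.
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def san_dns_names(cert: dict) -> list[str]:
    """Return the DNS entries of subjectAltName, in certificate order."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def common_names(cert: dict) -> list[str]:
    """Return every commonName attribute found in the subject."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_matches(cert: dict, hostname: str) -> tuple[bool, str]:
    """Return (accepted, reason).  SAN wins when present; CN is a fallback."""
    names = san_dns_names(cert)
    if names:
        for name in names:
            if _dns_name_matches(name, hostname):
                return True, f"matched SAN dNSName {name!r}"
        return False, (f"{hostname!r} not in SAN {names}; "
                       "CN ignored because a SAN is present")
    cns = common_names(cert)
    for cn in cns:
        if _dns_name_matches(cn, hostname):
            return True, f"no SAN; matched subject CN {cn!r}"
    return False, f"no SAN and CN {cns} does not match {hostname!r}"


# Constructed sample certificates (not real), named after the cases discussed.
# CN is the DC's own name, SAN carries the service alias: accepted via SAN.
CN_DC_SAN_ALIAS = {
    "subject": ((("commonName", "dc01.mydomain.ch"),),),
    "subjectAltName": (("DNS", "ldap.mydomain.ch"),),
}
# Legacy certificate with no SAN at all: CN fallback applies.
CN_ONLY = {"subject": ((("commonName", "ldap.mydomain.ch"),),)}
# Hypothetical: CN looks right but the SAN names a different host.
# The SAN is authoritative, so the connection to the alias is rejected.
SAN_NAMES_OTHER_HOST = {
    "subject": ((("commonName", "ldap.mydomain.ch"),),),
    "subjectAltName": (("DNS", "dc01.mydomain.ch"),),
}
WILDCARD_SAN = {
    "subject": ((("commonName", "whatever.mydomain.ch"),),),
    "subjectAltName": (("DNS", "*.mydomain.ch"),),
}

if __name__ == "__main__":
    for label, cert in [("CN_DC_SAN_ALIAS", CN_DC_SAN_ALIAS),
                        ("CN_ONLY", CN_ONLY),
                        ("SAN_NAMES_OTHER_HOST", SAN_NAMES_OTHER_HOST),
                        ("WILDCARD_SAN", WILDCARD_SAN)]:
        ok, why = hostname_matches(cert, "ldap.mydomain.ch")
        print(f"{label:22s} {'ACCEPT' if ok else 'REJECT'}: {why}")
```

The point the example makes is the one Howard Chu raises: once a SAN is present, the CN no longer participates in the decision, so "the CN is correct" tells you nothing about whether the hostname check will pass. When debugging a rejection, inspect the SAN list first (for example with `openssl x509 -noout -ext subjectAltName`), and treat the CN as irrelevant unless the certificate has no SAN at all.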
