[Issue 9869] LDAP over TLS not doing hostname verification in version 2.4.59
https://bugs.openldap.org/show_bug.cgi?id=9869 --- Comment #3 from radiatej...@gmail.com --- I see you have marked verfied/invalid. Can you please tell me which version this issue is fixed in? -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 9864] One-time leaks in accesslog
https://bugs.openldap.org/show_bug.cgi?id=9864 Quanah Gibson-Mount changed: What|Removed |Added Target Milestone|--- |2.5.13 -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 9867] syncprov leak on early Abandons
https://bugs.openldap.org/show_bug.cgi?id=9867 Quanah Gibson-Mount changed: What|Removed |Added Keywords|needs_review| Target Milestone|--- |2.5.13 -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 9866] delta-sync memleak on Adds
https://bugs.openldap.org/show_bug.cgi?id=9866 Quanah Gibson-Mount changed: What|Removed |Added Keywords|needs_review| Target Milestone|--- |2.5.13 -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 8227] syncprov should use more threads
https://bugs.openldap.org/show_bug.cgi?id=8227 Ondřej Kuzník changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|--- |WORKSFORME --- Comment #6 from Ondřej Kuzník --- Yeah, just gone all the way to backlogging one consumer till we block in slapd_wait_writer() and the other one keeps receiving all messages as they are prepared, just as one would hope. Resuming the blocked consumer seems to flush everything down that connection as well. -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 8227] syncprov should use more threads
https://bugs.openldap.org/show_bug.cgi?id=8227 --- Comment #5 from Howard Chu --- Possibly this ticket is obsolete then. If you're satisfied that suspending/blocking one consumer doesn't interfere with other consumers' progress, we can just close this. -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 9869] LDAP over TLS not doing hostname verification in version 2.4.59
https://bugs.openldap.org/show_bug.cgi?id=9869 Quanah Gibson-Mount changed: What|Removed |Added Status|RESOLVED|VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 9869] LDAP over TLS not doing hostname verification in version 2.4.59
https://bugs.openldap.org/show_bug.cgi?id=9869 Quanah Gibson-Mount changed: What|Removed |Added Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 9869] LDAP over TLS not doing hostname verification in version 2.4.59
https://bugs.openldap.org/show_bug.cgi?id=9869 radiatej...@gmail.com changed: What|Removed |Added Status|VERIFIED|UNCONFIRMED Resolution|INVALID |--- --- Comment #2 from radiatej...@gmail.com --- just a typo: ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, lCertsDir) -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 9869] LDAP over TLS not doing hostname verification in version 2.4.59
https://bugs.openldap.org/show_bug.cgi?id=9869 Quanah Gibson-Mount changed: What|Removed |Added Status|RESOLVED|VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 9869] LDAP over TLS not doing hostname verification in version 2.4.59
https://bugs.openldap.org/show_bug.cgi?id=9869 Quanah Gibson-Mount changed: What|Removed |Added Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 9869] LDAP over TLS not doing hostname verification in version 2.4.59
https://bugs.openldap.org/show_bug.cgi?id=9869 Quanah Gibson-Mount changed: What|Removed |Added Keywords|needs_review| --- Comment #1 from Quanah Gibson-Mount --- Usage questions belong on the openldap-techni...@openldap.org software list. I'd also note that 2.4 release is historic. -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 9869] New: LDAP over TLS not doing hostname verification in version 2.4.59
https://bugs.openldap.org/show_bug.cgi?id=9869 Issue ID: 9869 Summary: LDAP over TLS not doing hostname verification in version 2.4.59 Product: OpenLDAP Version: 2.4.59 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: b...@openldap.org Reporter: radiatej...@gmail.com Target Milestone: --- My software was using openldap client 2.4.44 to talk to the LDAP server. We have shifted to 2.4.59 now to address some issues. Ever since we shifted, the new version is allowing LDAP over TLS without hostname verification. In the older 2.4.44, I always got this error if hostname did not match the CN value: return code -1 - Can't contact LDAP server) diagnostic message TLS: hostname does not match CN in peer certificate But after the lib update, no such error even if I am using LDAP server IP to do LDAP bind while LDAP server certificate has CN set as some FQDN (say test.ldap.com). Our client side code has not changed while we updated the ldap lib. For our client, we are only doing these settings: ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTDIR, lCertsDir) ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, lCert) Has there been any change in this regard? How do I enforce hostname verification now? Thanks -- You are receiving this mail because: You are on the CC list for the issue.
[Issue 8227] syncprov should use more threads
https://bugs.openldap.org/show_bug.cgi?id=8227 --- Comment #4 from Ondřej Kuzník --- Maybe you meant something else because I'm not seeing this, syncprov_matchops->syncprov_qresp already schedules a separate syncprov_qtask for each active persist session that has anything to send out. Those sessions each have a separate response queue, sharing a reference to the resinfo provided. And those tasks then run independent of each other sending messages (since ITS#5985 just one message at a time), reclaiming syncres and since ITS#8039 possibly resinfo as they make progress. Also verified all of this at runtime. -- You are receiving this mail because: You are on the CC list for the issue.