You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Metin Savignano (Jira)" <ji...@apache.org> on 2023/02/21 16:03:00 UTC

[jira] [Commented] (DIRSTUDIO-1305) SSL connection successful despite non-matching domain

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-1305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17691689#comment-17691689 ] 

Metin Savignano commented on DIRSTUDIO-1305:
--------------------------------------------

I would have expected something like 
javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching ldap.mydomain found.

> SSL connection successful despite non-matching domain
> -----------------------------------------------------
>
>                 Key: DIRSTUDIO-1305
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1305
>             Project: Directory Studio
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M16
>            Reporter: Metin Savignano
>            Priority: Major
>
> I was testing SSL setups of our test LDAPs. For testing purposes, I tried to configure a working SSL setup, and also an SSL setup that should not work because the LDAP domain is does not match the domains of the SSL server certificate. Both domains point to the same server.
> This works when I use ldapsearch to connect to the LDAP: I can connect to the correct domain, but when I use the other domain, ldapsearch expectedly fails. I get 
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> However, when I use Apache Directory Studio, I can connect via both domains without problem, although certificate validation is turned on in the settings.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org