libnss-ldap doesn't support SubjAlt-names on certificates
Bug #140502 reported by
MrTux
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libnss-ldap (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
libpam-ldap (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
openldap (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
libnss-ldap doesn't support SubjAlt-names on certificates, which is a big problem for me. I suppose that's because it's compiled against libtls or libgtls and not against OpenSSL. On a Mandriva-Machine (libnss-ldap is compiled against openssl) libnss-ldap honours the SubjAlt-Name and not just the common-name.
Please fix that on a next release, maybe by compiling libnss-ldap against openssl.
PS: When I tried to choose libnss-ldap as package I got a 404-error with this ID: OOPS-625E1416
To post a comment you must log in.
Furhter investigations showed that this is not directly a problem of libnss-ldap, but a problem of openldap (libldap2) which is linked against libgtls - so all tools and packages bases on this library are affected of this issue (e.g. pam-ldap).