Bug 790915 - matching wildcard hostnames in certificate Subject field does not work
matching wildcard hostnames in certificate Subject field does not work
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openldap (Show other bugs)
6.1
x86_64 Linux
urgent Severity high
: rc
: ---
Assigned To: Jan Synacek
BaseOS QE Security Team
: Regression, ZStream
Depends On: 726984
Blocks: 788730
  Show dependency treegraph
 
Reported: 2012-02-15 12:31 EST by RHEL Product and Program Management
Modified: 2013-10-29 08:19 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, OpenLDAP did not properly handle wildcarded common names (for example CN=*.example.com) in LDAP certificates. Therefore, when a program used OpenLDAP for a secure SSL/TLS connection to an LDAP server using an LDAP certificate with a wildcarded common name, the connection failed. With this update, the code of OpenLDAP has been modified to properly test common names in LDAP certificates so that a connection to the LDAP server now succeeds if the wildcarded common name matches the server hostname.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-04-05 03:12:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description RHEL Product and Program Management 2012-02-15 12:31:39 EST
This bug has been copied from bug #726984 and has been proposed
to be backported to 6.1 z-stream (EUS).
Comment 8 Miroslav Svoboda 2012-03-15 09:28:57 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, OpenLDAP did not properly handle wildcarded common names (for example CN=*.example.com) in LDAP certificates. Therefore, when a program used OpenLDAP for a secure SSL/TLS connection to an LDAP server using an LDAP certificate with a wildcarded common name, the connection failed. With this update, the code of OpenLDAP has been modified to properly test common names in LDAP certificates so that a connection to the LDAP server now succeeds if the wildcarded common name matches the server hostname.
Comment 10 errata-xmlrpc 2012-04-05 03:12:37 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0453.html

Note You need to log in before you can comment on or make changes to this bug.