790915 – matching wildcard hostnames in certificate Subject field does not work

Bug 790915 - matching wildcard hostnames in certificate Subject field does not work

Summary: matching wildcard hostnames in certificate Subject field does not work

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	openldap
Sub Component:
Version:	6.1
Hardware:	x86_64
OS:	Linux
Priority:	urgent
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Jan Synacek
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:	726984
Blocks:	788730
TreeView+	depends on / blocked

Reported:	2012-02-15 17:31 UTC by RHEL Program Management
Modified:	2018-11-27 20:46 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Previously, OpenLDAP did not properly handle wildcarded common names (for example CN=*.example.com) in LDAP certificates. Therefore, when a program used OpenLDAP for a secure SSL/TLS connection to an LDAP server using an LDAP certificate with a wildcarded common name, the connection failed. With this update, the code of OpenLDAP has been modified to properly test common names in LDAP certificates so that a connection to the LDAP server now succeeds if the wildcarded common name matches the server hostname.
Clone Of:
Environment:
Last Closed:	2012-04-05 07:12:37 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2012:0453	0	normal	SHIPPED_LIVE	openldap bug fix update	2012-04-05 11:11:17 UTC

Description RHEL Program Management 2012-02-15 17:31:39 UTC

This bug has been copied from bug #726984 and has been proposed
to be backported to 6.1 z-stream (EUS).

Comment 8 Miroslav Svoboda 2012-03-15 13:28:57 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, OpenLDAP did not properly handle wildcarded common names (for example CN=*.example.com) in LDAP certificates. Therefore, when a program used OpenLDAP for a secure SSL/TLS connection to an LDAP server using an LDAP certificate with a wildcarded common name, the connection failed. With this update, the code of OpenLDAP has been modified to properly test common names in LDAP certificates so that a connection to the LDAP server now succeeds if the wildcarded common name matches the server hostname.

Comment 10 errata-xmlrpc 2012-04-05 07:12:37 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0453.html

Note You need to log in before you can comment on or make changes to this bug.