Bug report: TLS SNI for LDAP userdb/passdb

Aki Tuomi aki.tuomi at open-xchange.com
Thu Sep 15 04:18:58 UTC 2022



On September 14, 2022 5:29:46 PM GMT+03:00, Tobias Wolter <towo at b1-systems.de> wrote:
>Cheers,
>
>Dovecot 2.3.4.1 (Debian stable) here, and the changelog does not offer
>any hope of salvation, so a bug report it is.
>
>The LDAP connections for userdb/passdb do not support SNI via TLS.
>
>Simple construct to reproduce this:
>
>0.) Have a.pem with SAN `foo.example.com`, b.pem with `bar.example.com`
>1.) Configure haproxy frontend with `bind *:636 ssl crt /foo/a.pem ssl 
>    crt /foo/b.pem`
>2.) Try to use ldaps://bar.example.com/ in passdb, receive
>    "auth: Error: LDAP: Can't connect to server: ldaps://bar.example.com"
>
>Expectation, of course, would be for this to work; most libraries
>should support it, it's probably just a matter of convincing the
>appropriate binding.
>
>Kind regards,
>-towo

Can you verify with

openssl s_client -connect bar.example.com:ldaps -servername bar.example.com

that the correct cert is served?

---
Aki
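The check Aki asks for, written out as an added example (not part of this thread or of Dovecot): it fetches the leaf certificate the endpoint serves both with SNI and with the SNI extension deliberately omitted, and reports whether the requested name is covered in each case. The hostnames and port are placeholders. It assumes OpenSSL 1.1.1 or newer, for two reasons: `x509 -ext` exists only from 1.1.1, and since 1.1.1 `s_client` sends SNI by default for the `-connect` host, so a plain `-servername` run no longer shows what a non-SNI client gets; the `-noservername` run is the one that reproduces a client that does not send SNI.

```shell
#!/bin/sh
# Added example, not from the Dovecot thread or project. Compares the leaf
# certificate a TLS endpoint serves with and without SNI. Requires OpenSSL
# 1.1.1+ (-noservername, `x509 -ext`). Hostnames/ports are placeholders.

# san_dns_names: read `openssl x509 -noout -ext subjectAltName` output on
# stdin and print each DNS: entry, one name per line.
san_dns_names() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*/\1/p'
}

# name_in_list NAME: succeed if NAME is covered by one of the SAN entries
# read from stdin: an exact match, or a wildcard entry (*.example.com)
# whose parent domain equals NAME minus its leftmost label.
name_in_list() {
    want=$1
    while IFS= read -r entry; do
        case $entry in
            "$want") return 0 ;;
            \*.*)
                parent=${entry#\*.}
                case $want in
                    *.*) [ "${want#*.}" = "$parent" ] && return 0 ;;
                esac
                ;;
        esac
    done
    return 1
}

# served_san HOST PORT [SNI_NAME]: print the DNS SANs of the certificate
# presented for SNI_NAME, or with no SNI extension when SNI_NAME is empty.
served_san() {
    host=$1 port=$2 sni=$3
    if [ -n "$sni" ]; then
        set -- -servername "$sni"
    else
        set -- -noservername
    fi
    openssl s_client -connect "$host:$port" "$@" </dev/null 2>/dev/null \
        | openssl x509 -noout -ext subjectAltName \
        | san_dns_names
}

# check_sni HOST PORT NAME: report whether NAME is covered only via SNI.
check_sni() {
    host=$1 port=$2 name=$3
    if served_san "$host" "$port" "$name" | name_in_list "$name"; then
        echo "with SNI:    certificate covers $name"
    else
        echo "with SNI:    certificate does NOT cover $name"
    fi
    if served_san "$host" "$port" "" | name_in_list "$name"; then
        echo "without SNI: certificate covers $name (non-SNI clients are fine)"
    else
        echo "without SNI: certificate does NOT cover $name (non-SNI clients fail verification)"
    fi
}

# Usage with placeholder values:
#   sh check_sni.sh --run bar.example.com 636 bar.example.com
if [ "$1" = "--run" ]; then
    check_sni "$2" "$3" "$4"
fi
```

If the first line says the name is covered and the second says it is not, the endpoint is selecting certificates by SNI and falling back to a default certificate for clients that send none; that is the situation in which a client that omits SNI fails hostname verification against the name it connected to.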

