TLS: can't accept: A disallowed SNI server name has been received

[regeda]

I get the error when I try to validate the TLS connection.

My docker-compose.yml is:

version: '3.1'

services:
  openldap_1:
    image: osixia/openldap:1.3.0
    command: --loglevel debug --copy-service
    environment:
      HOSTNAME: openldap_1
      LDAP_LOG_LEVEL: 1
      LDAP_ORGANISATION: XYZ
      LDAP_DOMAIN: xyz.org
      LDAP_ADMIN_PASSWORD: admin
      LDAP_CONFIG_PASSWORD: config
      LDAP_BACKEND: mdb
      LDAP_REMOVE_CONFIG_AFTER_SETUP: 'false'
    tty: true
    stdin_open: true
    volumes:
      - /var/lib/ldap
      - /etc/ldap/slapd.d

I run the command in a container:

openssl s_client -CApath /container/run/service/slapd/assets/certs -servername openldap_1 -connect openldap_1:636

Then I get the output from a container:

openldap_1_1   | 5ddd5f18 slap_listener_activate(7):
openldap_1_1   | 5ddd5f18 >>> slap_listener(ldaps://openldap_1)
openldap_1_1   | 5ddd5f18 connection_get(12): got connid=1002
openldap_1_1   | 5ddd5f18 connection_read(12): checking for input on id=1002
openldap_1_1   | TLS: can't accept: A disallowed SNI server name has been received..
openldap_1_1   | 5ddd5f18 connection_read(12): TLS accept failure error=-1 id=1002, closing
openldap_1_1   | 5ddd5f18 connection_close: conn=1002 sd=12

Does anybody know how to fix that?

[regeda]

I found the root cause: https://github.com/gnutls/gnutls/blob/master/lib/str.h#L63

TLS doesn't allow underscore in a domain name.

openldap_1 should be renamed by openldap1.