[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problem with TLVVerifyClient ? (ITS#2226)

To: openldap-its@OpenLDAP.org
Subject: Problem with TLVVerifyClient ? (ITS#2226)
From: philip.inglesant@netscalibur.co.uk
Date: Wed, 4 Dec 2002 18:09:48 GMT

Full_Name: Philip Inglesant
Version: 2.0.23
OS: FreeBSD 4.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (195.157.3.115)


http://www.openldap.org/doc/admin21/tls.html says that there are four possible
values for the TLSVerifyClient directive: never | allow | try | demand. However,
a quick look at the source ../servers/slapd/config.c shows that it is parsing
the argument to this directive by 
                        i = atoi(cargv[1]);
                        rc = ldap_pvt_tls_set_option( NULL,
                                                     
LDAP_OPT_X_TLS_REQUIRE_CERT,
                                                      &i );
etc.

Either I am misunderstanding the code or the documentation is out of step with
the source. I have tried putting "demand" and various other values and the LDAP
server happily allows a client to bind to it without supplying a client
certificate. If I put "TLSVerifyClient 1", on the other hand, the bind fails
without a client certificate.

Prev by Date: lutil_passwd problem
Next by Date: RE: Problem with TLVVerifyClient ? (ITS#2226)
Index(es):
- Chronological
- Thread