Re: (ITS#3733) patch guide/admin/tls.sdf
Dave Brondsema wrote:
> Howard Chu wrote:
>
>> dave@brondsema.net wrote:
>>
>>> Full_Name: Dave Brondsema
>>> Version: head
>>> OS: linux
>>> URL: ftp://ftp.openldap.org/incoming/dave-brondsema-050518.patch
>>> Submission from: (NULL) (69.208.95.25)
>>>
>>>
>>> This provides a simple example to help, especially for TLSCipherSuite.
>>>
>>> I don't understand TLS for OpenLDAP well, so please correct and improve
>>> this if necessary, but I do hope I can make the docs easier for the next
>>> reader.
>>>
>> We do not advocate the use of self-signed certificates, therefore I am
>> inclined to reject this patch.
>>
>
> Ok. I would then suggest that that is more clear in the docs. And
> instead of my patch, explain TLSCipherSuite a bit more. I don't even
> really understand it, I just found an example somewhere and it worked
> for me.
The Admin Guide section 11.2 talks about CA certificates in practically
every other sentence. If you missed that, I'm not sure there's much more
we can do to make it clearer. It is not the purpose of the OpenLDAP
documentation to teach all of the concepts of using SSL/TLS; that's why
it explicitly refers you to the OpenSSL documentation. The purpose of
the OpenLDAP documentation is to tell you how the SSL/TLS concepts are
manipulated in OpenLDAP software. The Admin Guide is not an Internet
Technology 101 tutorial. It is for server administrators, and a sysadmin
should already understand the basic technologies involved.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support