
(ITS#4523) Unreadable TLS CA certificates cause termination



Full_Name: Walt Howard
Version: 2.2.24
OS: SuSE Ent Linux 9.3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (129.128.208.89)


If slapd.conf has a line
TLSCACertificatePath /some/path/
and any certificate file in that directory is not readable by slapd (not
running as root), then slapd terminates.  In my opinion, it would be better
for slapd to ignore certificate files it cannot read.  The whole issue of
path to certificates and content of certificates seems to be ill-defined in
the FOSS world.  OpenLDAP does a good job of making this configurable, but I
still have to share the directory with less well-behaved applications.

I discovered the cause by running in foreground with "-d 1023".  The error
message correctly showed the directory name but listed the file as `'.
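
A pre-start check for the condition reported above, added here as an example; it is not part of the original report and not OpenLDAP code. It lists entries under each TLSCACertificatePath directory that a given account cannot read, judging by Unix mode bits only (ACLs and directory search permission are not checked). The script name, the slapd.conf location and the account name "ldap" are assumptions.

```python
import os
import pwd
import re
import stat
import sys

def ca_paths(conf_text):
    """Return TLSCACertificatePath values from slapd.conf text (comments skipped)."""
    pat = re.compile(r'^[ \t]*TLSCACertificatePath[ \t]+"?([^"\s]+)', re.I | re.M)
    return pat.findall(conf_text)

def can_read(st, uid, gids):
    """Mode-bit read check for uid/gids; ACLs and capabilities are not considered."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def unreadable_entries(directory, uid, gids):
    """Return paths in directory that the given uid/gids could not open for reading."""
    bad = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        try:
            st = os.stat(path)  # follows symlinks, e.g. hash links to certificates
        except OSError:
            bad.append(path)    # dangling symlink or file that vanished
            continue
        if stat.S_ISREG(st.st_mode) and not can_read(st, uid, gids):
            bad.append(path)
    return bad

if __name__ == "__main__":
    # Assumed usage: check_ca_dir.py /etc/openldap/slapd.conf ldap
    if len(sys.argv) != 3:
        sys.exit("usage: check_ca_dir.py SLAPD_CONF USER")
    conf, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    with open(conf) as fh:
        dirs = ca_paths(fh.read())
    problems = [p for d in dirs for p in unreadable_entries(d, pw.pw_uid, gids)]
    for p in problems:
        print("not readable by %s: %s" % (user, p))
    sys.exit(1 if problems else 0)
```

A non-zero exit status means at least one entry would be unreadable to that account, so the check can gate a slapd restart in a shared certificate directory.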