[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5981) TLSVerifyClient try setting fails with GnuTLS

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5981) TLSVerifyClient try setting fails with GnuTLS
From: hyc@symas.com
Date: Mon, 2 Mar 2009 02:03:59 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

peter@adpm.de wrote:
> Full_Name: Peter Marschall
> Version: 2.4.15
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/Peter-Marschall-090301.patch
> Submission from: (NULL) (92.75.56.86)
>
>
> Hi,
>
> when OpenLDAP 2.4.15 is compiled with GnuTLS, then setting
>    TLSVerifyClient Try
> in slapd.conf makes TLS connections without certificates impossible.
>
> This is caused by incomplete decoding in tls_g.c
>
> The patch in ftp://ftp.openldap.org/incoming/Peter-Marschall-090301.patch
> fixes this issue together with a few other little cleanups:
> - remove unused variables (less compiler warnings)
> - use correct types (less compiler warnings)
> - detect failed calls for activation/exiration functions to
>    avoid giving wrong information
>
> Please consider adding this patch to OpenLDAP

Thanks for the patch, committed to HEAD.
>
> Regards
> Peter
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: ldappasswd returns "Additional info: password hash failed" in Solaris 10 SPARC openldap 2.4.11
Next by Date: Re: ldappasswd returns "Additional info: password hash failed" in Solaris 10 SPARC openldap 2.4.11
Index(es):
- Chronological
- Thread