Re: (ITS#6248) Support multiple CA Cert directories
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6248) Support multiple CA Cert directories
- From: hyc@symas.com
- Date: Tue, 11 Aug 2009 20:47:43 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
quanah@zimbra.com wrote:
> Full_Name: Quanah Gibson-Mount
> Version: 2.4.x
> OS: NA
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (75.111.29.239)
>
>
> Both openssl and gnutls support loading CA certs from multiple directories. It
> would be handy to be able to do this for slapd and the ldap clients. For
> example, zimbra puts its CA certs in /opt/zimbra/conf/ca, but the system it is
> installed upon is going to have a different default destination for where its
> ldap clients look for CA certs. By having support for the multiple paths, the
> configuration can be adjusted to look in both the system location, and any
> number of specialized ones.
>
In light of ITS#5582, this should probably wait until 2.5. I.e., we probably
also want to require the OpenSSL default paths to be explicitly enabled when
we allow multiple paths to be configured.
E.g. we could allow "DEFAULT" to be a specially recognized token for enabling
the default path.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
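
The semantics proposed in the reply above, sketched with Python's `ssl` module (an OpenSSL binding) as an added example; this is not OpenLDAP code and not from either poster. The `:` separator, the function names and the `/etc/ssl/certs` sample path are assumptions, since the thread defines only the `DEFAULT` token.

```python
import os
import ssl
import tempfile

DEFAULT_TOKEN = "DEFAULT"  # token name suggested in the reply above


def parse_ca_dirs(spec, sep=":"):
    """Split a CA directory list and return (dirs, use_default).

    The separator is an assumption; the thread does not define a syntax.
    """
    dirs, use_default = [], False
    for item in (p.strip() for p in spec.split(sep)):
        if not item:
            continue                  # tolerate "a::b" and trailing separators
        if item == DEFAULT_TOKEN:
            use_default = True        # library default path is opt-in only
        elif not os.path.isabs(item):
            raise ValueError(f"CA directory must be absolute: {item!r}")
        elif item not in dirs:
            dirs.append(item)         # keep order, drop duplicates
    if not dirs and not use_default:
        raise ValueError("no CA directory configured")
    return dirs, use_default


def build_context(spec):
    """Client context that trusts only the directories named in spec."""
    dirs, use_default = parse_ca_dirs(spec)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with an empty trust store
    for d in dirs:
        if not os.path.isdir(d):
            raise FileNotFoundError(f"CA directory not found: {d}")
        ctx.load_verify_locations(capath=d)        # each call adds one more directory
    if use_default:
        ctx.set_default_verify_paths()             # OpenSSL's built-in default locations
    return ctx


if __name__ == "__main__":
    # Constructed sample: two empty temporary directories stand in for CA stores.
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        print(parse_ca_dirs(f"{a}:{b}:{DEFAULT_TOKEN}"))
        ctx = build_context(f"{a}:{b}")
        print(ctx.verify_mode, ctx.cert_store_stats())
```

Without the `DEFAULT` token the context never consults the system CA store, so an administrator who lists only application-specific directories does not silently inherit every CA the operating system trusts.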