[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS options in 2.0.6 and HEAD

To: openldap-devel@OpenLDAP.org
Subject: TLS options in 2.0.6 and HEAD
From: Gerald Carter <gcarter@valinux.com>
Date: Mon, 06 Nov 2000 10:43:54 -0600
Organization: VA Linux Systems

Folks,

As I read the slapd code, it appears that

  o TLSVerifyClient is broken in 2.0.6 (at least the config file
    reading for it is). This appears to be fixed in HEAD, correct?

  o I am a little unclear of the use of TLSCACertificatePath
    and TLSCACertificateFile.  I assume that these are for 
    specifying a CA used to verify the slapd server's certificate 
    in the case where it is not self-signed.  Can someone briefly
    explain the difference between the Dir and Path?  The 
    documentation on SSL_CTX_load_verify_locations() seems 
    to be a little sparse.  Do these work in 2.0.6?




Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter@valinux.com
       http://www.samba.org/       SAMBA Team          jerry@samba.org
       http://www.plainjoe.org/                     jerry@plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

Follow-Ups:
- RE: TLS options in 2.0.6 and HEAD
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Re: filter in shell backend
Next by Date: RE: TLS options in 2.0.6 and HEAD
Index(es):
- Chronological
- Thread