[Date Prev][Date Next] [Chronological] [Thread] [Top]

certficate verify locations in libraries/libldap/tls.c



Is the use of SSL_CTX_set_client_CA_list() really necessary in tls.c? I
think that SSL_CTX_load_verify_locations() does the the setting of the
verification paths correctly for both tls_opt_cacertfile *and*
tls_opt_cacertdir.

And because there would be no need for testing of calist, all combinations
of tls_opt_cacertfile and tls_opt_cacertdir are possible. That would greatly
simplify the configuration of the client programs.


-- 
Jarkko Turkulainen
UNIX Administrator, Wapit Ltd.