
TLS_CACERT Ignoring Cert Completely in 2.0.27?



Hello,

Does anybody know if TLS_CACERT/TLS_REQCERT doesn't fully
check certs in 2.0.27? If TLS_CACERT isn't the cert for the
server's CA, no error occurs and the connection continues,
whereas I was expecting to see it fail, as it does with PADL's
libpam_ldap/nss-ldap (specified with tls_cacert as well).
The absence of TLS_CACERT allows all connections as well;
only pointing TLS_CACERT to a directory (as an
expecting-failure test) will cause the connection to fail.

Any suggestions?  I am trying to supply a single CA cert to
OpenLDAP so as to use self-signed certs legitimately (which
works fine with PADL's pam/nss libs).

Thanks,

-cg
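
An added example, not part of the original post and not OpenLDAP code: a shell sketch of the outcome the poster expected, done with the openssl CLI on constructed certificates. The file names ca_a, ca_b, server and the CN ldap.example.test are placeholders; the server certificate should verify only against the CA that issued it.

```shell
#!/bin/sh
# Constructed fixture: two unrelated CAs and one server certificate issued by CA "A".
# ca_a, ca_b, server and ldap.example.test are placeholder names.
work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT

make_ca() {            # $1 = file prefix, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

make_server_cert() {   # $1 = issuing CA prefix, $2 = output prefix
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

chain_ok() {           # $1 = CA file, $2 = certificate; 0 only if it chains to that CA
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {             # $1 = label, $2 = CA file, $3 = certificate
    if chain_ok "$2" "$3"; then echo "$1: verified"; else echo "$1: REJECTED"; fi
}

make_ca "$work/ca_a" "Constructed CA A"
make_ca "$work/ca_b" "Constructed CA B"
make_server_cert "$work/ca_a" "$work/server"

# A client that really checks the chain must accept the first and refuse the second.
report "issuing CA (ca_a)"   "$work/ca_a.pem" "$work/server.pem"
report "unrelated CA (ca_b)" "$work/ca_b.pem" "$work/server.pem"
```

Running the same two checks against the real server certificate and CA files gives an independent reference for what a verifying LDAP client ought to report.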