
Re: load balancer with SSL



man ldap.conf says:

"never
           The client will not request or check any server certificate."

It seems that never means it will never check any server certificate
(even if given one). I'm assuming there are no exceptions here and
that "never" really does mean "never".

Back to the version I'm using, which is 2.2.17. If Howard Chu is
correct, this functionality should be in my version ... if the
functionality was added in April 2003 ... because 2.2.17 was released
in Sep 2004. Or was that date wrong?
I tried looking at the versions 1, 2, and 3 CHANGES files, and I
couldn't pin down when it was added.

I'm looking for either (1) my version is definitely too old and it
simply does not have this functionality, or (2) I'm doing something
wrong, and what I need to do to fix it is XYZ.

  Thanks,
- Jeremiah

On 10/18/06, Dieter Kluenter <dieter@dkluenter.de> wrote:
"Jeremiah Martell" <inlovewithgod@gmail.com> writes:

> Dieter,
>
>    Thanks for the response. However, why should I have to do this if I
> have "TLS_REQCERT never" in my ldap.conf file? Shouldn't that mean
> openldap doesn't request, check, verify, etc any certificates?

Right, the client does not request a certificate, but if the
server presents one, it of course is being checked, man ldap.conf(5)
and man slapd.conf(5)

-Dieter

--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
N 53°37'10.08"
E 10°08'02.82"
GPG Key ID:8EF7B6C6