Full_Name: Quanah Gibson-Mount
Version: 2.4.30
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.108.184.39)

From the manual page:

    olcTLSVerifyClient: <level>
        Specifies what checks to perform on client certificates in an
        incoming TLS session, if any. The <level> can be specified as
        one of the following keywords:

        never
            This is the default. slapd will not ask the client for a
            certificate.

        allow
            The client certificate is requested. If no certificate is
            provided, the session proceeds normally. If a bad
            certificate is provided, it will be ignored and the session
            proceeds normally.

        try
            The client certificate is requested. If no certificate is
            provided, the session proceeds normally. If a bad
            certificate is provided, the session is immediately
            terminated.

        demand | hard | true
            These keywords are all equivalent, for compatibility
            reasons. The client certificate is requested. If no
            certificate is provided, or a bad certificate is provided,
            the session is immediately terminated.

        Note that a valid client certificate is required in order to
        use the SASL EXTERNAL authentication mechanism with a TLS
        session. As such, a non-default olcTLSVerifyClient setting must
        be chosen to enable SASL EXTERNAL authentication.

However, the code has:

    static slap_verbmasks vfykeys[] = {
        { BER_BVC("never"), LDAP_OPT_X_TLS_NEVER },
        { BER_BVC("demand"), LDAP_OPT_X_TLS_DEMAND },
        { BER_BVC("try"), LDAP_OPT_X_TLS_TRY },
        { BER_BVC("hard"), LDAP_OPT_X_TLS_HARD },
        { BER_BVNULL, 0 }
    };

Which means:

a) allow is missing
b) true is missing
c) demand and hard set different flags. Not sure if that means any
   difference functionality-wise, but according to the manual page,
   demand/true/hard are supposed to be the same behavior.
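
A documentation/table mismatch like the one reported above can be checked mechanically. The following is an added example, not OpenLDAP code and not the fix that was committed: `struct verbmask`, the `VFY_*` placeholder values, `manpage`, `lookup`, `count_missing` and `count_split_pairs` are names assumed for illustration, and only the keyword lists are taken from the report.

```c
#include <stdio.h>
#include <string.h>

/* Assumed stand-ins for slap_verbmasks / LDAP_OPT_X_TLS_*; placeholder values. */
enum { VFY_NEVER, VFY_HARD, VFY_DEMAND, VFY_ALLOW, VFY_TRY };
struct verbmask { const char *word; int mask; };
struct documented { const char *word; int group; };

/* Keyword table as quoted in the report. */
static const struct verbmask vfykeys[] = {
    { "never", VFY_NEVER }, { "demand", VFY_DEMAND },
    { "try", VFY_TRY }, { "hard", VFY_HARD }, { NULL, 0 }
};
/* Keywords from the manual page; same group = documented as equivalent. */
static const struct documented manpage[] = {
    { "never", 0 }, { "allow", 1 }, { "try", 2 },
    { "demand", 3 }, { "hard", 3 }, { "true", 3 }, { NULL, 0 }
};

/* Table entry for word, or NULL if the table has no such keyword. */
static const struct verbmask *lookup(const struct verbmask *t, const char *word) {
    for (; t->word != NULL; t++)
        if (strcmp(t->word, word) == 0) return t;
    return NULL;
}

/* Number of documented keywords absent from the table. */
int count_missing(const struct verbmask *t, const struct documented *d) {
    int n = 0;
    for (; d->word != NULL; d++)
        n += (lookup(t, d->word) == NULL);
    return n;
}

/* Number of documented-equivalent keyword pairs with different values. */
int count_split_pairs(const struct verbmask *t, const struct documented *d) {
    int n = 0;
    for (const struct documented *a = d; a->word != NULL; a++)
        for (const struct documented *b = a + 1; b->word != NULL; b++) {
            const struct verbmask *x = lookup(t, a->word), *y = lookup(t, b->word);
            n += (a->group == b->group && x && y && x->mask != y->mask);
        }
    return n;
}

int main(void) {
    printf("missing=%d split=%d\n", count_missing(vfykeys, manpage),
           count_split_pairs(vfykeys, manpage));
    return 0;
}
```

Run against the quoted table, the check reports two missing keywords (allow, true) and one equivalent pair (demand/hard) that maps to different values, matching points a) to c) of the report.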

--On Sunday, March 04, 2012 8:40 PM +0000 quanah@OpenLDAP.org wrote:

see also <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658749>

--Quanah

--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration

changed notes
changed state Open to Test
moved from Incoming to Software Bugs

changed notes
changed state Test to Closed

fixed in master
fixed in RE24