OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Documentation/7744
Full headers

From: jsynacek@redhat.com
Subject: [Patch] TLS_REQCERT section in ldap.conf is confusing
Compose comment
Download message
State:
0 replies:
0 followups:

Major security issue: yes  no

Notes:

Notification:


Date: Wed, 13 Nov 2013 12:49:40 +0000
From: jsynacek@redhat.com
To: openldap-its@OpenLDAP.org
Subject: [Patch] TLS_REQCERT section in ldap.conf is confusing
Full_Name: Jan Synacek
Version: master
OS: Linux - Fedora 19
URL: http://jsynacek.fedorapeople.org/openldap/jsynacek-20131113-0001-Fix-client-manpage.patch
Submission from: (NULL) (209.132.186.34)


Quoting ldap.conf(5):

TLS_REQCERT <level>
...
   try    The  server  certificate  is  requested. If no certificate is
provided, the session proceeds normally. If a bad certificate is provided, the
session is immediately terminated.

There is currently no way how to "provide no server certificate" and
successfully connect via a client (e.g. ldapsearch).

For additional discussion, see
http://www.openldap.org/lists/openldap-technical/201311/msg00099.html.
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org