OpenLDAP

Viewing Software Bugs/5360

From: steve.langasek@canonical.com
Subject: wrong default for TLSVerifyClient (with GnuTLS?)
0 replies:
1 followups: 1


Date: Sat, 9 Feb 2008 02:27:03 GMT
From: steve.langasek@canonical.com
To: openldap-its@OpenLDAP.org
Subject: wrong default for TLSVerifyClient (with GnuTLS?)
Full_Name: Steve Langasek
Version: 2.4.7
OS: Debian
URL: http://people.ubuntu.com/~vorlon/slapd-tlsverifyclient-default.patch
Submission from: (NULL) (2001:4830:1244:0:219:d2ff:fe76:2acb)


The code in slapd whose purpose is to override the library default value for
LDAP_OPT_X_TLS_REQUIRE_CERT is failing, at least when OpenLDAP is built with
GnuTLS, because the override is done to a set of "global" options which are
never used.

The patch referenced below has been verified to fix this issue.


Followup 1

Date: Sat, 09 Feb 2008 21:32:44 -0800
From: Howard Chu <hyc@symas.com>
To: steve.langasek@canonical.com
CC: openldap-its@openldap.org
Subject: Re: (ITS#5360) wrong default for TLSVerifyClient (with GnuTLS?)
steve.langasek@canonical.com wrote:
> Full_Name: Steve Langasek
> Version: 2.4.7
> OS: Debian
> URL: http://people.ubuntu.com/~vorlon/slapd-tlsverifyclient-default.patch
> Submission from: (NULL) (2001:4830:1244:0:219:d2ff:fe76:2acb)
>
>
> The code in slapd whose purpose is to override the library default value for
> LDAP_OPT_X_TLS_REQUIRE_CERT is failing, at least when OpenLDAP is built with
> GnuTLS, because the override is done to a set of "global" options which are
> never used.
>
> The patch referenced below has been verified to fix this issue.

Thanks for the patch, committed to HEAD.

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/

