OpenLDAP
Viewing Software Bugs/8529
Date: Thu, 10 Nov 2016 14:43:34 +0000
From: hguo@suse.com
To: openldap-its@OpenLDAP.org
Subject: Avoid hiding the error in LDAP client if user specified CA does not load
Full_Name: Howard Guo
Version: Latest at commit 227e02ec2049c6df5df44333980e3b529289a5c7
OS: openSUSE
URL: ftp://ftp.openldap.org/incoming/howard-guo-161110.patch
Submission from: (NULL) (195.135.221.2)


The TLS configuration deliberately hid the error in case the user-specified CA
locations cannot be read, by loading CAs from default locations; and when the user
does not specify CA locations, the CAs from default locations are not read at
all.

This patch corrects the behaviour so that CAs from the default location are used if
the user does not specify a CA location, and the user is informed of the error if CAs
cannot be loaded from the user-specified location.
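
The two behaviours contrasted in the report above, as an added example that is not part of the report, the patch, or OpenLDAP's code. It uses Python's `ssl` module (a wrapper around OpenSSL) as a stand-in for the client's TLS layer; the function names and the `MISSING_CA` path are hypothetical.

```python
import ssl

MISSING_CA = "/nonexistent-example-dir/ca.pem"  # constructed path that cannot be read


def build_ctx_hiding_errors(cafile=None, capath=None):
    """Behaviour described as the problem: a failed CA load is masked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if not (cafile or capath):
        return ctx, "none"        # default locations never read: no trust anchors
    try:
        ctx.load_verify_locations(cafile=cafile, capath=capath)
        return ctx, "user"
    except OSError:               # ssl.SSLError is a subclass of OSError
        ctx.set_default_verify_paths()
        return ctx, "default"     # caller now trusts a CA set it did not ask for


def build_ctx_fail_closed(cafile=None, capath=None):
    """Behaviour the report asks for: defaults only when nothing is specified."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile or capath:
        # Any load failure propagates to the caller instead of being replaced
        # by the system trust store.
        ctx.load_verify_locations(cafile=cafile, capath=capath)
        return ctx, "user"
    ctx.set_default_verify_paths()
    return ctx, "default"


def outcome(builder, **kwargs):
    """Return which trust source was used, or the error the caller would see."""
    try:
        return builder(**kwargs)[1]
    except OSError as exc:
        return "error: " + type(exc).__name__


if __name__ == "__main__":
    for builder in (build_ctx_hiding_errors, build_ctx_fail_closed):
        print(builder.__name__,
              "| unreadable CA file ->", outcome(builder, cafile=MISSING_CA),
              "| no CA specified ->", outcome(builder))
```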

Followup 1

Subject: Re: (ITS#8529) Avoid hiding the error in LDAP client if user specified CA does not load
To: openldap-its@OpenLDAP.org
From: Michael Ströder <michael@stroeder.com>
Date: Thu, 10 Nov 2016 16:09:52 +0100
@Quanah: Could this patch even make it into upcoming release 2.4.45?

