9757 – The private key of the ldap certificate

Issue 9757 - The private key of the ldap certificate

Summary: The private key of the ldap certificate

Status:	VERIFIED DUPLICATE of issue 8485

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	backends (show other issues)
Version:	2.4.59
Hardware:	All Linux

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-11-30 11:13 UTC by ydgdsnn@163.com
Modified:	2021-12-02 16:55 UTC (History)
CC List:	0 users

See Also:

Attachments
prikey.key (295.07 KB, image/png) 2021-11-30 11:13 UTC, ydgdsnn@163.com	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description ydgdsnn@163.com 2021-11-30 11:13:33 UTC

Created attachment 856 [details]
prikey.key

Current situation: The private key of the ldap certificate is used to set LDAP_OPT_X_TLS_KEYFILE when bind, and this file is currently stored in plain text.

Appeal: Can we store the ciphertext of the file, and then decrypt it when we use it?

Comment 1 Quanah Gibson-Mount 2021-12-02 16:55:45 UTC

OpenSSL should generate a prompt when a passphrase protected key is provided to the ldap client already.

*** This issue has been marked as a duplicate of issue 8485 ***