
Re: startTLS response does not include OID and closes on stopTLS (ITS#1590)



At 09:51 AM 2002-02-07, CMorris@novell.com wrote:
>I've noticed the ExtendedResponse for startTLS does not include the OID
>of the startTLS extension as RFC 2830 says it should (section 2.1).
>I've been testing against Kurt's server at www.openLDAP.org.

Per the current specification, yes, the OID of the request MUST be
provided.  IMO, that sentence:

   A Start TLS extended response MUST contain a responseName field which
   MUST be set to the same string as that in the responseName field
   present in the Start TLS extended request.

should be:

   A Start TLS extended response MAY contain a responseName field.
   If responseName field is present, it MUST be set to the same
   string as that in the responseName field present in the Start TLS
   extended request.

as clients MUST accept no responseName in certain error
conditions (such as protocolError).

I'll raise this issue to LDAPbis as they are currently working on
the 2830bis draft.
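
A client-side check that follows the relaxed rule discussed in this message, as an added example (not part of the original message and not OpenLDAP code): an absent responseName is accepted, a present one must equal the Start TLS OID. The function names are hypothetical; the OID 1.3.6.1.4.1.1466.20037 and the ExtendedResponse tag layout are taken from RFC 2830 and RFC 2251, and the sample messages are constructed.

```python
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # Start TLS request name from RFC 2830

def read_tlv(buf, pos):
    """Decode one BER TLV (single-byte tag, definite length): (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want_tag, what):
    tag, value, pos = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError("expected " + what)
    return value, pos

def check_starttls_response(msg):
    """Return (resultCode, responseName or None); raise if a name is present but wrong."""
    body, _ = expect(msg, 0, 0x30, "LDAPMessage SEQUENCE")
    _, pos = expect(body, 0, 0x02, "messageID INTEGER")
    op, _ = expect(body, pos, 0x78, "ExtendedResponse [APPLICATION 24]")
    rc, pos = expect(op, 0, 0x0A, "resultCode ENUMERATED")
    if not rc:  # an empty value must not decode to 0 (success)
        raise ValueError("empty resultCode")
    _, pos = expect(op, pos, 0x04, "matchedDN")
    _, pos = expect(op, pos, 0x04, "errorMessage")
    name = None
    while pos < len(op):  # optional referral [3], responseName [10], response [11]
        tag, value, pos = read_tlv(op, pos)
        if tag == 0x8A:
            name = value.decode("ascii")
    if name is not None and name != STARTTLS_OID:
        raise ValueError("responseName %r does not match Start TLS OID" % name)
    return int.from_bytes(rc, "big", signed=True), name

# Constructed sample messages (short-form lengths only), not captured traffic.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value

def sample_response(result_code, name=None):
    res = tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, b"")
    if name is not None:
        res += tlv(0x8A, name.encode("ascii"))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x78, res))
```

A caller would begin TLS negotiation only when the returned resultCode is 0 (success); a protocolError (2) response with no responseName parses cleanly and is simply not followed by a handshake.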