
RE: ldap.conf/TLS_CACERTDIR bug (ITS#1981)



You misunderstand the usage of these keywords. The manpage says TLS_CACERT
expects a filename. Like every other directive that expects a filename, this
is expected to be a fully qualified filename.

The documentation specifies that TLS_CACERT is used to specify a single file
that contains all CA certificates. The TLS_CACERTDIR directive is used to
specify a directory that contains CA certs in separate individual files, that
is, one CA cert per file. These are two mutually exclusive ways to organize
your CA certs. If you have all of your CA certs in one file, then you obviously
don't have a directory that contains multiple CA cert files, one cert per file,
and vice versa. The two keywords are completely independent.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of
> quanah@stanford.edu
> Sent: Wednesday, July 24, 2002 9:06 AM
> To: openldap-its@OpenLDAP.org
> Subject: ldap.conf/TLS_CACERTDIR bug (ITS#1981)
>
>
> Full_Name: Quanah Gibson-Mount
> Version: 2.1.3
> OS: Solaris 8
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (171.64.13.58)
>
>
> Hello,
>
> In ldap.conf, you are supposed to be able to specify the
> TLS_CACERTDIR as the location of your CA Cert, and
> TLS_CACERT as your cert.  However, at this time, you actually have
> to give the full pathname to the cert in TLS_CACERT for slurpd to find it,
> as when looking at the truss output, it simply tries to open the value of
> TLS_CACERT instead of $TLS_CACERTDIR/$TLS_CACERT.
>
> --Quanah
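The point of the reply above is that the library opens the literal value of TLS_CACERT and never joins it with TLS_CACERTDIR, so a bare filename silently fails to load a CA bundle and TLS verification cannot succeed. The following checker is an added example, not part of this thread or of OpenLDAP's own code: it parses an ldap.conf-style text for the two real directives named in the thread and reports a relative TLS_CACERT, a missing file or directory, and the case where both directives are set at once. The parser, the layout built under a temporary directory and the certificate placeholders are constructed for the demonstration; only the keyword names come from the page.

```python
import os
import tempfile


def parse_ldap_conf(text):
    """Parse ldap.conf-style text into {KEYWORD: value}.

    Keywords are matched case-insensitively; blank lines and '#' comments
    are skipped. A keyword given twice keeps its last value. This is a
    deliberately small parser written for the example, not libldap's own.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf[parts[0].upper()] = parts[1].strip()
    return conf


def check_tls_ca_settings(conf):
    """Return a list of findings about TLS_CACERT / TLS_CACERTDIR.

    Mirrors the behaviour described in the thread: TLS_CACERT is opened by
    its literal value, it is never resolved relative to TLS_CACERTDIR.
    """
    findings = []
    cacert = conf.get("TLS_CACERT")
    cadir = conf.get("TLS_CACERTDIR")

    if cacert is not None:
        if not os.path.isabs(cacert):
            findings.append(
                f"TLS_CACERT {cacert!r} is not a fully qualified filename; "
                "it is opened as-is, not as $TLS_CACERTDIR/$TLS_CACERT"
            )
        elif not os.path.isfile(cacert):
            findings.append(f"TLS_CACERT {cacert!r} is not an existing file")

    if cadir is not None:
        if not os.path.isabs(cadir):
            findings.append(f"TLS_CACERTDIR {cadir!r} is not a fully qualified directory name")
        elif not os.path.isdir(cadir):
            findings.append(f"TLS_CACERTDIR {cadir!r} is not an existing directory")
        elif not any(os.path.isfile(os.path.join(cadir, n)) for n in os.listdir(cadir)):
            findings.append(f"TLS_CACERTDIR {cadir!r} contains no certificate files")

    if cacert is not None and cadir is not None:
        # The two keywords are independent ways to organise CA certs; setting
        # both is not an error, but it usually means one of them is a leftover.
        findings.append("both TLS_CACERT and TLS_CACERTDIR are set; they are independent, pick one")

    return findings


def run_demo():
    """Build a throw-away layout and check the two configurations from the thread."""
    placeholder = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED-PLACEHOLDER\n-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as root:
        certdir = os.path.join(root, "certs")
        os.mkdir(certdir)
        bundle = os.path.join(root, "cacert.pem")
        with open(bundle, "w") as f:
            f.write(placeholder)
        with open(os.path.join(certdir, "ca1.pem"), "w") as f:
            f.write(placeholder)

        # The reporter's expectation: a bare filename looked up under TLS_CACERTDIR.
        buggy = f"TLS_CACERTDIR {certdir}\nTLS_CACERT cacert.pem\n"
        # What the manpage requires: a fully qualified filename for the bundle.
        fixed = f"TLS_CACERT {bundle}\n"
        return {
            "buggy": check_tls_ca_settings(parse_ldap_conf(buggy)),
            "fixed": check_tls_ca_settings(parse_ldap_conf(fixed)),
        }


if __name__ == "__main__":
    for name, findings in run_demo().items():
        print(f"{name}: {findings or 'OK'}")
```

The "buggy" configuration reproduces the report: the bare `cacert.pem` is flagged as not fully qualified, and the checker also notes that both directives are set. The "fixed" configuration passes because the bundle path is absolute and exists.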