[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4072) Feature request: Don't list StartTLS ( if not configured correctly

Howard Chu wrote:
> michael@stroeder.com wrote:
>> I'd like to propose that StartTLS ( is not
>> listed in
>> rootDSE's attribute supportedExtension if TLS/SSL is not configured
>> correctly.
> What does "not configured correctly" mean? E.g., if invalid files are
> used for the cert/key file options, ldap_pvt_tls_init_def_ctx() will
> fail, and slapd will refuse to startup. What other configurations are
> you concerned with?

Well, rather not configured at all but compiled with TLS support.

Ciao, Michael.