[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4072) Feature request: Don't list StartTLS ( if not configured correctly

Michael Ströder wrote:
> Howard Chu wrote:
>> michael@stroeder.com wrote:
>>> I'd like to propose that StartTLS ( is not
>>> listed in
>>> rootDSE's attribute supportedExtension if TLS/SSL is not configured
>>> correctly.
>> What does "not configured correctly" mean? E.g., if invalid files are
>> used for the cert/key file options, ldap_pvt_tls_init_def_ctx() will
>> fail, and slapd will refuse to startup. What other configurations are
>> you concerned with?
> Well, rather not configured at all but compiled with TLS support.
I guess that makes sense. Done. Please test.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/