(ITS#4523) Unreadable TLS CA certificates cause termination

Full_Name: Walt Howard
Version: 2.2.24
OS: SuSE Ent Linux 9.3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

If slapd.conf has a line
TLSCACertificatePath /some/path/
and any certificate file in that directory is not readable by slapd (not running
as root), then slapd terminates.  In my opinion, it would be better for slapd to
certificate files it cannot read.  The whole issue of path to certificates and
of certificates seems to be ill-defined in the FOSS world.  OpenLDAP does a good
job of making this configurable, but I still have to share the directory with less
well-behaved applications.

I discovered the cause by running in foreground with "-d 1023".  The error
correctly showed the directory name but listed the file as `'.
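
A pre-start check for the condition reported above, as an added example that is not part of the original report or of OpenLDAP: it lists the files in a TLSCACertificatePath directory that a given non-root account cannot read. The function names and the command-line arguments (directory, account name) are assumptions; only classic mode bits on the directory and its entries are evaluated, not ACLs or parent directories.

```python
import os
import stat

def allowed(st, uid, gids, want):
    """Owner/group/other check for a permission triplet (0o4 = r, 0o5 = r-x).
    Assumption: plain mode bits only; ACLs and capabilities are ignored."""
    if uid == 0:
        return True  # root is not restricted by read/search bits
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return ((st.st_mode >> shift) & want) == want

def describe(st):
    return "mode %04o, owner %d:%d" % (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)

def unreadable_ca_files(ca_dir, uid, gids):
    """Return (name, reason) for everything in ca_dir the account cannot read."""
    dir_st = os.stat(ca_dir)
    if not allowed(dir_st, uid, gids, 0o5):
        return [(".", "directory not listable: " + describe(dir_st))]
    problems = []
    for name in sorted(os.listdir(ca_dir)):
        try:
            st = os.stat(os.path.join(ca_dir, name))  # follows symlinks
        except OSError as exc:
            problems.append((name, "stat failed: %s" % exc.strerror))
            continue
        if stat.S_ISREG(st.st_mode) and not allowed(st, uid, gids, 0o4):
            problems.append((name, describe(st)))
    return problems

if __name__ == "__main__":
    import pwd
    import sys
    # Usage (hypothetical script name): check_capath.py /some/path/ <slapd account>
    ca_dir, account = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(account)
    gids = set(os.getgrouplist(account, pw.pw_gid))
    found = unreadable_ca_files(ca_dir, pw.pw_uid, gids)
    for name, reason in found:
        print("%s: %s" % (name, reason))
    sys.exit(1 if found else 0)
```

A non-zero exit status means at least one entry would be unreadable to the account, so the check can gate a service start in a directory shared with other applications.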