Re: (ITS#5582) Default OpenSSL certs are only used when TLS_CACERT(DIR)
h.b.furuseth@usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: HEAD, 2.3, 2.4
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/Hallvard-Furuseth-080627.diff
> Submission from: (NULL) (129.240.6.233)
> Submitted by: hallvard
>
>
> OpenLDAP only uses the default certificates installed with OpenSSL if
> TLS_CACERT or TLS_CACERTDIR is set. Or presumably
> TLSCACertificate<File/Dir> in servers, but the libldap/tls.c code for
> servers seems to require a certificate chain from that directory anyway.
>
Sounds like this works as designed. The docs tell you that either CACERT or
CACERTDIR must be explicitly configured.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
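
Added example, not part of the original message or of OpenLDAP's code: a small audit that reports whether a client configuration explicitly sets TLS_CACERT or TLS_CACERTDIR, which the reply above says the docs require. The sample configurations, host name and file paths are constructed, and the helper names are hypothetical.

```python
import os

# ldap.conf(5) options that name the trusted CA material discussed in this thread.
CA_OPTIONS = ("TLS_CACERT", "TLS_CACERTDIR")

def parse_ldap_conf(text):
    """Return {OPTION: value} from ldap.conf-style text (last setting wins)."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no setting
        parts = line.split(None, 1)
        if len(parts) == 2:
            # Option names are case-insensitive; values are kept as written.
            options[parts[0].upper()] = parts[1].strip()
    return options

def explicit_ca_settings(conf_text, environ=None):
    """Return the CA options set explicitly, in the file text or as LDAP<option> env vars."""
    environ = os.environ if environ is None else environ
    found = parse_ldap_conf(conf_text)
    result = {}
    for opt in CA_OPTIONS:
        # An environment variable such as LDAPTLS_CACERT overrides the file setting.
        value = environ.get("LDAP" + opt) or found.get(opt)
        if value:
            result[opt] = value
    return result

def audit(conf_text, environ=None):
    """Summarise whether a CA file or directory is configured explicitly."""
    settings = explicit_ca_settings(conf_text, environ)
    if not settings:
        return "FAIL: neither TLS_CACERT nor TLS_CACERTDIR is set explicitly"
    return "OK: " + ", ".join(f"{k}={v}" for k, v in sorted(settings.items()))

# Constructed sample configurations (not taken from the thread).
SAMPLE_MISSING = """# constructed sample
URI ldaps://ldap.example.com
TLS_REQCERT demand
#TLS_CACERT /etc/ssl/certs/ca-bundle.crt
"""
SAMPLE_SET = """uri ldaps://ldap.example.com
tls_cacertdir /etc/ssl/certs
"""

if __name__ == "__main__":
    print(audit(SAMPLE_MISSING, {}))
    print(audit(SAMPLE_SET, {}))
```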