[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5582) Default OpenSSL certs are only used when TLS_CACERT(DIR)

h.b.furuseth@usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: HEAD, 2.3, 2.4
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/Hallvard-Furuseth-080627.diff
> Submission from: (NULL) (
> Submitted by: hallvard
> OpenLDAP only uses the default certificates installed with OpenSSL if
> TLS_CACERT or TLS_CACERTDIR is set.  Or presumably
> TLSCACertificate<File/Dir>  in servers, but the libldap/tls.c code for
> servers seem to require a certificate chain from that directory anyway.
Sounds like this works as designed. The docs tell you that either CACERT or 
CACERTDIR must be explicitly configured.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/