
Re: (ITS#5582) Default OpenSSL certs are only used when TLS_CACERT(DIR)



h.b.furuseth@usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: HEAD, 2.3, 2.4
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/Hallvard-Furuseth-080627.diff
> Submission from: (NULL) (129.240.6.233)
> Submitted by: hallvard
>
>
> OpenLDAP only uses the default certificates installed with OpenSSL if
> TLS_CACERT or TLS_CACERTDIR is set.  Or presumably
> TLSCACertificate<File/Dir> in servers, but the libldap/tls.c code for
> servers seems to require a certificate chain from that directory anyway.
>
Sounds like this works as designed. The docs tell you that either CACERT or 
CACERTDIR must be explicitly configured.


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
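
Added example (not part of the original thread and not OpenLDAP code): a small audit helper that reports whether a client configuration names a CA source explicitly, which is the condition the reply says the documentation requires. It reads ldap.conf-style text plus the LDAP-prefixed environment variables; the sample file contents, host name and paths are constructed, and the parsing is a simplified sketch of the ldap.conf format.

```python
import os

# The two client options named in the thread.
CA_OPTIONS = ("TLS_CACERT", "TLS_CACERTDIR")


def parse_ldap_conf(text):
    """Return {OPTION: value} from ldap.conf-style text.

    Simplification for this sketch: option names are upper-cased (they are
    case-insensitive), '#' lines and blank lines are skipped, and a later
    line overwrites an earlier one for the same option.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0].upper()] = parts[1].strip()
    return settings


def explicit_ca_sources(conf_text, environ=None):
    """List (origin, option, value) for each explicitly configured CA source."""
    environ = os.environ if environ is None else environ
    settings = parse_ldap_conf(conf_text)
    found = []
    for opt in CA_OPTIONS:
        if opt in settings:
            found.append(("ldap.conf", opt, settings[opt]))
        # ldap.conf options can also be supplied as LDAP<OPTION> variables.
        env_val = environ.get("LDAP" + opt)
        if env_val:
            found.append(("environment", opt, env_val))
    return found


# Constructed sample: TLS is demanded, but the only CA line is commented out.
SAMPLE_MISSING = """\
URI ldaps://ldap.example.com
BASE dc=example,dc=com
TLS_REQCERT demand
#TLS_CACERT /etc/ssl/certs/ca-bundle.crt
"""

# Constructed sample: same file with a CA directory set (lower-case keyword).
SAMPLE_SET = SAMPLE_MISSING + "tls_cacertdir /etc/ssl/certs\n"

if __name__ == "__main__":
    for name, text in (("missing", SAMPLE_MISSING), ("set", SAMPLE_SET)):
        print(name, explicit_ca_sources(text, environ={}) or "no explicit CA source")
```

An empty result means neither TLS_CACERT nor TLS_CACERTDIR is set for that client, the situation the report describes.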