[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5981) TLSVerifyClient try setting fails with GnuTLS

Full_Name: Peter Marschall
Version: 2.4.15
OS: Linux
URL: ftp://ftp.openldap.org/incoming/Peter-Marschall-090301.patch
Submission from: (NULL) (


when OpenLDAP 2.4.15 is compiled with GnuTLS, then setting
  TLSVerifyClient Try
in slapd.conf makes TLS connections without certificates impossible.

This is caused by incomplete decoding in tls_g.c

The patch in ftp://ftp.openldap.org/incoming/Peter-Marschall-090301.patch
fixes this issue together with a few other little cleanups:
- remove unused variables (less compiler warnings)
- use correct types (less compiler warnings)
- detect failed calls for activation/exiration functions to
  avoid giving wrong information

Please consider adding this patch to OpenLDAP