[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6248) Support multiple CA Cert directories

quanah@zimbra.com wrote:
> Full_Name: Quanah Gibson-Mount
> Version: 2.4.x
> OS: NA
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> Both openssl and gnutls support loading CA certs from multiple directories.  It
> would be handy to be able to do this for slapd and the ldap clients.  For
> example, zimbra puts its CA certs in /opt/zimbra/conf/ca, but the system it is
> installed upon is going to have a different default destination for where its
> ldap clients look for CA certs.  By having support for the multiple paths, the
> configuration can be adjusted to look in both the system location, and any
> number of specialized ones.
In light of ITS#5582, this should probably wait until 2.5. I.e., we probably 
also want to require the OpenSSL default paths to be explicitly enabled when 
we allow multiple paths to be configured.

E.g. we could allow "DEFAULT" to be a specially recognized token for enabling 
the default path.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/