[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7042) [PATCH] allow unsetting of tls_* options for syncrepl

On Monday 12 September 2011 19:00:08, Howard Chu wrote:
> Thanks for passing along the report, but I'm not convinced this is a
> legitimate issue. Servers that trust each other for replication should
> accept each other's TLS certificates. As I see it, if their certs aren't
> working in this configuration then their certificates were created with
> the wrong usage flags, and this is not an OpenLDAP issue.

You are definitely right. But disabling the options still might be useful for 
some people. Including the author of the patch. I think it is a very simple 
change which adds some extra bonus to current functionality. Nothing critical 
and no regressions are likely.

It would be great, if you could include the patch even if you do not 
absolutely agree with disabling the client certificate authentication for 

Jan VÄ?elák
Base Operating Systems Brno
Red Hat Inc.