[Date Prev][Date Next]
Re: (ITS#7042) [PATCH] allow unsetting of tls_* options for syncrepl
On Monday 12 September 2011 19:00:08, Howard Chu wrote:
> Thanks for passing along the report, but I'm not convinced this is a
> legitimate issue. Servers that trust each other for replication should
> accept each other's TLS certificates. As I see it, if their certs aren't
> working in this configuration then their certificates were created with
> the wrong usage flags, and this is not an OpenLDAP issue.
You are definitely right. But disabling the options still might be useful for
some people. Including the author of the patch. I think it is a very simple
change which adds some extra bonus to current functionality. Nothing critical
and no regressions are likely.
It would be great, if you could include the patch even if you do not
absolutely agree with disabling the client certificate authentication for
Base Operating Systems Brno
Red Hat Inc.