
Re: (ITS#7042) [PATCH] allow unsetting of tls_* options for syncrepl



On Monday 12 September 2011 19:00:08, Howard Chu wrote:
> Thanks for passing along the report, but I'm not convinced this is a
> legitimate issue. Servers that trust each other for replication should
> accept each other's TLS certificates. As I see it, if their certs aren't
> working in this configuration then their certificates were created with
> the wrong usage flags, and this is not an OpenLDAP issue.

You are definitely right. But disabling the options still might be useful for 
some people. Including the author of the patch. I think it is a very simple 
change which adds some extra bonus to current functionality. Nothing critical 
and no regressions are likely.

It would be great if you could include the patch even if you do not 
absolutely agree with disabling the client certificate authentication for 
replication.

-- 
Jan Včelák
Base Operating Systems Brno
Red Hat Inc.