[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7206) ldaprc: TLS_REQCERT demand does not terminate session, if a bad certicate comes from the server

mkeller@psi.de wrote:
> Full_Name: Michael Keller
> Version: 2.4.20
> OS: SLES 11 SP1
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> I have configured slapd to accept only TLS connections with:
> security ssf=1 update_ssf=112 simple_bind=64
> A ldapsearch -x returns correctly a
> "# search result
> search: 2
> result: 13 Confidentiality required
> text: confidentiality required"
> When using TLS_REQCERT=demand a
> ldapsearch -x -Z still returns results, even if a bad certificate comes from the
> server. See debug output below.
> ldapsearch -x -Z

Works as designed. Read the description for the -Z flag again. Closing this ITS.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/