Re: (ITS#7206) ldaprc: TLS_REQCERT demand does not terminate session, if a bad certificate comes from the server
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7206) ldaprc: TLS_REQCERT demand does not terminate session, if a bad certificate comes from the server
- From: hyc@symas.com
- Date: Wed, 14 Mar 2012 10:58:08 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
mkeller@psi.de wrote:
> Full_Name: Michael Keller
> Version: 2.4.20
> OS: SLES 11 SP1
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (95.131.98.154)
>
>
> I have configured slapd to accept only TLS connections with:
>
> security ssf=1 update_ssf=112 simple_bind=64
>
> An ldapsearch -x correctly returns a
> "# search result
> search: 2
> result: 13 Confidentiality required
> text: confidentiality required"
>
> When using TLS_REQCERT=demand a
> ldapsearch -x -Z still returns results, even if a bad certificate comes from the
> server. See debug output below.
> ldapsearch -x -Z
Works as designed. Read the description for the -Z flag again. Closing this ITS.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
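
The reply refers to ldapsearch(1), where a single -Z issues the StartTLS operation but lets the command continue if it fails, and -ZZ requires it to succeed. As an added example (not part of the original thread or of OpenLDAP), the shell function below flags scripted OpenLDAP client calls that use the single -Z form; the function name, sample lines, host names and base DNs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag OpenLDAP client invocations that use opportunistic StartTLS.
# Heuristic only: it looks at one line at a time and does not parse shell quoting.

# Constructed sample script lines (hosts and base DNs are placeholders).
SAMPLE='ldapsearch -x -Z -b dc=example,dc=com uid=alice
ldapsearch -x -ZZ -b dc=example,dc=com uid=alice
# ldapsearch -x -Z   (commented out, ignored)
ldapwhoami -xZ -H ldap://ldap.example.com
ldapmodify -Z -Z -f change.ldif
ldapsearch -x -H ldaps://ldap.example.com uid=alice'

# Reads script text on stdin and prints "lineno: text" for every OpenLDAP
# client call where -Z appears exactly once, i.e. StartTLS failure is tolerated.
# Assumption: the tools count -Z occurrences, so "-Z -Z" is treated like -ZZ.
find_opportunistic_starttls() {
    awk '
    /^[ \t]*#/ { next }   # skip comment lines
    /(^|[^A-Za-z0-9_])ldap(search|modify|add|delete|modrdn|whoami|passwd|compare|exop)([ \t]|$)/ {
        z = 0
        for (i = 1; i <= NF; i++) {
            # short option cluster such as -Z, -xZ or -ZZ (not --long, not values)
            if ($i ~ /^-[A-Za-z]+$/) {
                tok = $i
                z += gsub(/Z/, "", tok)   # gsub returns how many Z were removed
            }
        }
        if (z == 1) printf "%d: %s\n", NR, $0
    }'
}

# Demo run over the constructed sample: reports lines 1 and 4.
printf '%s\n' "$SAMPLE" | find_opportunistic_starttls
```

Lines it reports are candidates for switching to -ZZ or to an ldaps:// URI, so that a failed certificate check ends the session instead of being skipped.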