
Re: (ITS#7206) ldaprc: TLS_REQCERT demand does not terminate session, if a bad certificate comes from the server



mkeller@psi.de wrote:
> Full_Name: Michael Keller
> Version: 2.4.20
> OS: SLES 11 SP1
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (95.131.98.154)
>
>
> I have configured slapd to accept only TLS connections with:
>
> security ssf=1 update_ssf=112 simple_bind=64
>
> A ldapsearch -x returns correctly a
> "# search result
> search: 2
> result: 13 Confidentiality required
> text: confidentiality required"
>
> When using TLS_REQCERT=demand a
> ldapsearch -x -Z still returns results, even if a bad certificate comes from the
> server. See debug output below.
> ldapsearch -x -Z

Works as designed. Read the description for the -Z flag again. Closing this ITS.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
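
The distinction the reply points to, as an added example that is not part of the thread: per ldapsearch(1), `-Z` issues the StartTLS operation and `-ZZ` requires it to succeed. The sketch below audits a script for OpenLDAP client calls that do not force TLS; the function names, sample commands, host and base DN are constructed for illustration.

```shell
# Added example, not from the thread. With a single -Z the client tool
# carries on if StartTLS fails; with -ZZ it stops.

# starttls_mode "<command line>" -> ldaps | required | opportunistic | none
# "none" describes the command line only; ldaprc may still set an ldaps URI.
starttls_mode() {
    case $1 in *ldaps://*) echo ldaps; return 0 ;; esac
    # Count Z in clusters of no-argument flags (-Z, -xZ, -ZZ, "-Z -Z").
    # Simplification: an option argument that itself looks like such a
    # cluster is not told apart from a real flag.
    z=$(printf '%s\n' "$1" | awk '{ for (i = 1; i <= NF; i++)
            if ($i ~ /^-[cnvxLMZ]+$/) z += gsub(/Z/, "Z", $i) }
        END { print z + 0 }')
    if [ "$z" -ge 2 ]; then echo required
    elif [ "$z" -eq 1 ]; then echo opportunistic
    else echo none
    fi
}

# audit_ldap_commands: read a script on stdin and print
# "<line>:<mode>:<command>" for each client call at the start of a line
# that does not force TLS (mode opportunistic or none).
audit_ldap_commands() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in
            ldapsearch*|ldapmodify*|ldapadd*|ldapdelete*|ldapwhoami*|ldappasswd*) ;;
            *) continue ;;
        esac
        mode=$(starttls_mode "$line")
        case $mode in
            opportunistic|none) printf '%s:%s:%s\n' "$n" "$mode" "$line" ;;
        esac
    done
}

# Constructed sample input (host and base DN are placeholders).
sample_script() {
    cat <<'EOF'
ldapsearch -x -Z -b dc=example,dc=com
ldapsearch -x -ZZ -b dc=example,dc=com
ldapsearch -x -H ldaps://ldap.example.com -b dc=example,dc=com
ldapwhoami -x
echo done
EOF
}

sample_script | audit_ldap_commands
```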