(ITS#8374) LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS

Full_Name: Martin O'Neal
Version: openldap-2.4.31
OS: ubuntu wily
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

The handling of the LDAP_OPT_X_TLS_REQUIRE_CERT option appears to be different
between servers accessed via ldaps:// and ldap:// (plus STARTTLS) URIs.

When accessing a server with a self-signed certificate, the results are:

ldaps://

never    OK
hard     Error: can't contact LDAP server
demand   Error: can't contact LDAP server
allow    OK
try      Error: can't contact LDAP server

ldap:// plus explicit ldap_start_tls_s()

never    OK
hard     OK
demand   OK
allow    OK
try      OK
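
The two result tables above can be checked against the TLS_REQCERT semantics documented in ldap.conf(5). The following is an added example, not part of the original report or of OpenLDAP's code. It assumes that the first table is the ldaps:// case and that the self-signed certificate is not in the client's trust store, so it counts as a "bad" certificate. The function names are hypothetical.

```python
LEVELS = ("never", "allow", "try", "demand", "hard")

# Results transcribed from the report above (first label is an assumption).
REPORTED = """\
ldaps://
never    OK
hard     Error: can't contact LDAP server
demand   Error: can't contact LDAP server
allow    OK
try      Error: can't contact LDAP server

ldap:// plus explicit ldap_start_tls_s()
never    OK
hard     OK
demand   OK
allow    OK
try      OK
"""

def session_proceeds(level, cert_presented, cert_valid):
    """Return True if ldap.conf(5) says the session continues at this level."""
    if level == "never":       # certificate is neither requested nor checked
        return True
    if level == "allow":       # a missing or bad certificate is ignored
        return True
    if level == "try":         # missing is tolerated, bad terminates
        return (not cert_presented) or cert_valid
    if level in ("demand", "hard"):   # equivalent: a valid certificate is required
        return cert_presented and cert_valid
    raise ValueError(f"unknown TLS_REQCERT level: {level}")

def parse_results(text):
    """Parse 'level  outcome' rows grouped under a transport label line."""
    results, transport = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        level, _, outcome = line.partition(" ")
        if level in LEVELS and transport is not None:
            results[transport][level] = outcome.strip() == "OK"
        else:                  # any other non-empty line starts a new table
            transport = line
            results[transport] = {}
    return results

def deviations(results, cert_presented=True, cert_valid=False):
    """List (transport, level) rows that differ from the documented behaviour."""
    return [(transport, level)
            for transport, rows in results.items()
            for level, proceeded in rows.items()
            if proceeded != session_proceeds(level, cert_presented, cert_valid)]

if __name__ == "__main__":
    for transport, level in deviations(parse_results(REPORTED)):
        print(f"{transport}: '{level}' accepted a certificate it should reject")
```

Under those assumptions, the ldaps:// rows match the documentation, and the STARTTLS rows for hard, demand and try are the ones that accept a certificate that should have ended the session.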