
Re: (ITS#8675) tools continuing after ldap_start_tls_ returns non-LDAP error



It's a standards conformance issue....

The spec says that upon StartTLS 'success', TLS communications are established on the octet following the StartTLS response (and the request)... and that once one starts TLS communications, one can never go back to LDAP without TLS. So if there's a TLS failure (whether as part of TLS nego or later), LDAP communications cannot be continued (without TLS).

Only ignoring LDAP errors (rc > 0) ensures that if TLS negotiation fails, we don't attempt to send LDAP operations without TLS.

-- Kurt
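As an added illustration (not code from the OpenLDAP tools or from the reply above), the following Python models the rule Kurt describes: a positive return from ldap_start_tls_s() is an LDAP result code, meaning the server refused the extended operation before any TLS bytes went on the wire, so the plaintext session is still an LDAP session; zero is success; a negative return is a library/local error, after which a TLS handshake may already have been attempted, so the session must not be reused for plaintext LDAP. The numeric constants are the values from OpenLDAP's ldap.h as I recall them; the `LdapConnection` class, its method names and the `require_tls` switch (standing in for a "TLS is mandatory" setting such as the tools' -ZZ) are constructed for this example.

```python
"""Decision model for a client after ldap_start_tls_s() returns.

Constructed example: constants follow OpenLDAP's ldap.h convention
(rc > 0 = LDAP result code from the server, rc == 0 = success,
rc < 0 = local/library error). Everything else is illustrative.
"""

LDAP_SUCCESS = 0
LDAP_PROTOCOL_ERROR = 2        # server rejected the StartTLS extended op
LDAP_UNAVAILABLE = 52          # server cannot perform StartTLS right now
LDAP_SERVER_DOWN = -1          # local errors: negative by convention
LDAP_LOCAL_ERROR = -2
LDAP_CONNECT_ERROR = -11       # e.g. TLS handshake / certificate failure

PROCEED_TLS = "proceed-tls"
PROCEED_PLAINTEXT = "proceed-plaintext"
ABORT = "abort"


def after_start_tls(rc: int, require_tls: bool) -> str:
    """Classify what the client may do next after the StartTLS attempt.

    require_tls (assumed switch, like the tools' -ZZ) makes any failure fatal.
    """
    if rc == LDAP_SUCCESS:
        return PROCEED_TLS
    if rc > 0:
        # An LDAP result code: the server answered the extended request with
        # an error, so no TLS octets were exchanged and the plaintext LDAP
        # session is still intact. Continuing is a policy choice.
        return ABORT if require_tls else PROCEED_PLAINTEXT
    # rc < 0: a non-LDAP (library/local) error. The TLS layer may already
    # have put handshake bytes on the socket; per the spec there is no way
    # back to plaintext LDAP, so the only safe action is to stop.
    return ABORT


class LdapConnection:
    """Minimal state model enforcing 'no return to plaintext after TLS'."""

    def __init__(self, require_tls: bool = False):
        self.require_tls = require_tls
        self.tls_attempted = False   # handshake bytes may be on the wire
        self.tls_active = False
        self.closed = False
        self.sent = []               # (operation, transport) log

    def start_tls(self, rc: int) -> str:
        # rc is the simulated return value of ldap_start_tls_s().
        outcome = after_start_tls(rc, self.require_tls)
        if rc <= 0:
            # Success or a local error: treat the handshake as attempted.
            self.tls_attempted = True
        if outcome == PROCEED_TLS:
            self.tls_active = True
        elif outcome == ABORT:
            self.closed = True
        return outcome

    def send(self, operation: str):
        """Send an LDAP operation, refusing unsafe plaintext use."""
        if self.closed:
            raise RuntimeError("connection closed after StartTLS failure")
        if self.tls_attempted and not self.tls_active:
            raise RuntimeError("refusing plaintext LDAP after a TLS attempt")
        entry = (operation, "tls" if self.tls_active else "plaintext")
        self.sent.append(entry)
        return entry


def run_scenarios() -> dict:
    """Exercise the three outcomes with constructed return codes."""
    results = {}
    for name, rc, strict in [
        ("success", LDAP_SUCCESS, False),
        ("server-refused", LDAP_PROTOCOL_ERROR, False),
        ("server-refused-strict", LDAP_PROTOCOL_ERROR, True),
        ("tls-failure", LDAP_CONNECT_ERROR, False),
    ]:
        conn = LdapConnection(require_tls=strict)
        outcome = conn.start_tls(rc)
        try:
            transport = conn.send("bind")[1]
        except RuntimeError:
            transport = None
        results[name] = (outcome, transport)
    return results


if __name__ == "__main__":
    for name, (outcome, transport) in run_scenarios().items():
        print(f"{name:24s} {outcome:18s} bind sent over: {transport}")
```

The important branch is the last one in `after_start_tls`: a negative code is not "StartTLS was refused", it is "something went wrong at a layer where the wire may no longer carry LDAP", and the connection object makes that irreversible by refusing any further plaintext send once a handshake was attempted.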