[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS options in 2.0.6 and HEAD


As I read the slapd code, it appears that

  o TLSVerifyClient is broken in 2.0.6 (at least the config file
    reading for it is). This appears to be fixed in HEAD, correct?

  o I am a little unclear of the use of TLSCACertificatePath
    and TLSCACertificateFile.  I assume that these are for 
    specifying a CA used to verify the slapd server's certificate 
    in the case where it is not self-signed.  Can someone briefly
    explain the difference between the Dir and Path?  The 
    documentation on SSL_CTX_load_verify_locations() seems 
    to be a little sparse.  Do these work in 2.0.6?

Cheers, jerry
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter@valinux.com
       http://www.samba.org/       SAMBA Team          jerry@samba.org
       http://www.plainjoe.org/                     jerry@plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )