[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit: ldap/libraries/libldap init.c tls.c

--On Saturday, October 30, 2004 11:08 AM +0200 Pierangelo Masarati <ando@sys-net.it> wrote:

ralf@OpenLDAP.org wrote:

Update of /repo/OpenLDAP/pkg/ldap/libraries/libldap

Modified Files:
	init.c  1.90 -> 1.91
	tls.c  1.115 -> 1.116

Log Message:
CRL checking options for ldap.conf and slapd.conf

I haven't been upgrading openssl on my devel machine for a while, so HEAD
does not compile any more.  No problem, however I suggest an OpenSSL
version check be implemented and either the CRL code is conditionally
#define'd or, since an adequate version of OpenSSL impacts security,
version requirements are put in place, much like we do for Berkeley DB.

We might want a combination of both? Some people may be sticking with the 0.9.6 branch, which doesn't have CRL at all, AFAIK. Certainly require OpenSSL 0.9.7d or later if that is their branch. And, what about GNU's TLS?


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html