[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: RE24 testing round 3

Hallvard B Furuseth wrote:
back-ldap/bind.c needs "lutil.h" for lutil_strcopy().

Beyond that, passes all tests on Ubuntu --with-tls=gnutls.

Which reminds me, we need some tests that actually exercise TLS. We should add a sample CA cert + server and user cert+key to the test suite. Or maybe generate them on the fly, so we can also set a short lifetime and test expiration and CRL processing. We should test the certificate matching rules as well. (Not sure how much we need to test re: cert validation; we ought to be able to rely on the respective crypto suites to do that already.) At the very least, we ought to be able to set a user cert, authenticate with SASL/EXTERNAL, and verify the output of ldapwhoami.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/