
Re: Different TLSVerifyClient possible?



Dieter Kluenter <dieter@dkluenter.de> writes:

> The intention of TLS is to be under client control, that is, the
> client has to verify the server certificate.

The other way (server verifies client) should as well be possible
(according to RFC2830):

   Server implementors SHOULD allow for server administrators to elect
   whether and when connection confidentiality and/or integrity is
   required, as well as elect whether and when client authentication via
   TLS is required.

Particularly this may be achieved with the security ssf entries in
slapd.conf but at the moment I have no idea how to get this to work
depending on the interface/address slapd is listening on.

The integrity-check performed by clients is - at the moment - not an
issue here.

Martin