Re: ldapsearch allows SSL even w/o correct TLS_CACERT
2.0.27. Sorry, I meant to mention that originally...
Is this somehow fixed in later versions?
> On Thu, 22 Jan 2004, email@example.com wrote:
> > Hello All,
> > How is TLS_CACERT supposed to work? PADL's
> > tls_cacertfile/tls_checkpeer works for rejecting bad SSL
> > certs, but OpenLDAP's TLS_CACERT/TLS_REQCERT don't seem
> > to do the same -- if TLS_CACERT isn't the cert for the
> > server's CA, no error occurs, whereas I was expecting to
> > see it fail. The absence of TLS_CACERT allows all
> > connections as well; only pointing TLS_CACERT to a
> > directory (as an expecting-failure test) will cause the
> > connection to fail.
> > Any suggestions? I am trying to supply a single CA cert
> > to OpenLDAP so as to use self-signed certs legitimately
> > (which works fine with PADL's pam/nss libs).
> What version are you running?
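
The expecting-failure test described in the quoted question can be reproduced without an LDAP server, as an added example that is not part of the original thread: a server certificate must chain to the configured CA file and must not chain to an unrelated one. The names `ca_a`, `ca_b` and `ldap.example.test` and the helper functions are made up for this sketch, which assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed fixture: two throwaway CAs and one server certificate signed
# by ca_a only. Everything is generated locally; nothing touches a network.

# make_fixture DIR: write ca_a.pem, ca_b.pem and server.pem into DIR.
make_fixture() {
    for ca in ca_a ca_b; do
        # Independent self-signed CA certificates
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ca" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null || return 1
    done
    # Server key and signing request, then a certificate issued by ca_a
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/server.csr" -days 1 \
        -CA "$1/ca_a.pem" -CAkey "$1/ca_a.key" -CAcreateserial \
        -out "$1/server.pem" 2>/dev/null || return 1
}

# chains_to CAFILE CERT: exit status 0 only if CERT validates against CAFILE.
# This is the decision a client is expected to make for the file named in
# TLS_CACERT when certificate checking is enforced.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_fixture "$work" || { echo "fixture generation failed" >&2; exit 2; }

# Positive control: the CA that actually signed the server certificate.
chains_to "$work/ca_a.pem" "$work/server.pem" && echo "signing CA: accepted"
# Negative control: the case the poster expected to fail.
chains_to "$work/ca_b.pem" "$work/server.pem" || echo "unrelated CA: rejected"
```

If a client still completes the TLS handshake when its CA file is the equivalent of `ca_b.pem`, it is not enforcing the check that the negative control exercises here.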