Re: load balancer with SSL
- To: "Dieter Kluenter" <firstname.lastname@example.org>
- Subject: Re: load balancer with SSL
- From: "Jeremiah Martell" <email@example.com>
- Date: Thu, 19 Oct 2006 09:54:06 -0400
- Cc: OpenLDAP Software List <OpenLDAPfirstname.lastname@example.org>
man ldap.conf says:
"The client will not request or check any server certificate."
It seems that never means it will never check any server certificate
(even if given one). I'm assuming there are no exceptions here and
that "never" really does mean "never".
Back to the version I'm using, which is 2.2.17. If Howard Chu is
correct, this functionality should be in my version ... if the
functionality was added in April 2003 ... because 2.2.17 was released
in Sep 2004. Or was that date wrong?
I tried looking at the versions 1, 2, and 3 CHANGES files, and I
couldn't pin down when it was added.
I'm looking for either (1) my version is definitely too old and it
simply does not have this functionality, or (2) I'm doing something
wrong, and what I need to do to fix it is XYZ.
On 10/18/06, Dieter Kluenter <email@example.com> wrote:
"Jeremiah Martell" <firstname.lastname@example.org> writes:
> Thanks for the response. However, why should I have to do this if I
> have "TLS_REQCERT never" in my ldap.conf file? Shouldn't that mean
> openldap doesn't request, check, verify, etc any certificates?
Right, the client does not request a certificate, but if the
server presents one, it of course is being checked, man ldap.conf(5)
and man slapd.conf(5)
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6