[Date Prev][Date Next]
Re: why didn't ldap client validate ssl certificate?
> On the client side,I have set the TLS_REQCERT as demand.
> The TLS_CACERTDIR is also set, but I didn't put any certificate in the
> To my surprise, even though no certificate is provided,
> ldapsearch could still succeed returning the data.
> Is this a bug?
Maybe the root certificate is installed with OpenSSL's default certs.
Those are used if and only if you specify TLS_CACERT - or TLS_CACERTDIR
I presume, but I haven't tested that. See: