
Re: Syncrepl can't start ssl session because of refused 'client' certificate



On 07/12/2011 05:24 AM, Thibault Le Meur wrote:
Hello,

On 12/07/2011 04:34, Rich Megginson wrote:
Please open an ITS for this. I'll have to figure out how this was working in openssl.
Done: ITS#6994

Sounds to me like there's no bug here and the ITS report is invalid. If you want separate TLS settings for syncrepl you must put them in the syncrepl directive.
My goal for openldap with moznss support is that it will work exactly like openldap with openssl worked - you should not even know (or care) that a different crypto implementation is being used. Since this is not the case with this particular issue, I consider it a bug in the moznss crypto implementation of openldap.

In fact I cannot guarantee that the current behaviour of openldap 2.4.23, when linked to openssl, would be to use a brand new TLS context: indeed my working system uses openldap 2.4.21 linked to openssl. I'll try to test on a Fedora 15 in which OpenLdap may be linked to openssl.
It's not. Fedora 14 and later, and RHEL 6.1 and later, all use openldap (2.4.23 or greater) with moznss instead of openssl.

Thibault
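
The per-consumer TLS settings referred to in the thread ("put them in the syncrepl directive"), shown as an added example that is not part of the original messages: a consumer `slapd.conf` fragment that keeps the server certificate in the global TLS directives and gives the syncrepl client connection its own certificate. All host names, DNs, credentials and file paths are constructed placeholders.

```conf
# Consumer slapd.conf fragment (constructed example; hosts, DNs and paths are placeholders)

# Global TLS settings: presented when this slapd accepts connections as a TLS server.
TLSCACertificateFile   /etc/openldap/certs/ca.pem
TLSCertificateFile     /etc/openldap/certs/consumer-server.pem
TLSCertificateKeyFile  /etc/openldap/certs/consumer-server.key

database  bdb
suffix    "dc=example,dc=com"

# Per-syncrepl TLS settings: used when this slapd connects to the provider as a TLS client.
# Any tls_* parameter left out here falls back to the global TLS settings above
# (tls_reqcert defaults to "demand"), so a certificate the provider will accept
# as a client certificate has to be named explicitly.
syncrepl rid=001
  provider=ldap://provider.example.com
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=CHANGE_ME
  starttls=critical
  tls_cacert=/etc/openldap/certs/ca.pem
  tls_cert=/etc/openldap/certs/consumer-client.pem
  tls_key=/etc/openldap/certs/consumer-client.key
  tls_reqcert=demand
```

With `starttls=critical` the replication session is aborted if StartTLS fails instead of continuing in cleartext.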