[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS failing?

--On Monday, May 11, 2015 3:42 PM -0700 Quanah Gibson-Mount <quanah@zimbra.com> wrote:

--On Monday, May 11, 2015 10:31 PM +0000 Albert Braden
<abraden@about.com> wrote:

Hi Quanah,

My concern is that it might be successfully negotiating TLS and then
falling back to cleartext for some reason. I don't understand the
significance of the "ssf=0" line.

It's hard coded:

        /* log authorization identity */
        Statslog( LDAP_DEBUG_STATS,
                "%s BIND dn=\"%s\" mech=%s ssf=0\n",
                op->o_conn->c_dn.bv_val, op->orb_mech.bv_val, 0, 0 );

so what you care about is the preceding lines.

See also <http://www.openldap.org/its/index.cgi/?findid=8140>



Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra ::  the leader in open source messaging and collaboration