[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: RE24 testing call (2.4.45) LMDB RE0.9 testing call (0.9.20)
- To: Quanah Gibson-Mount <quanah@symas.com>, openldap-technical@openldap.org
- Subject: Re: RE24 testing call (2.4.45) LMDB RE0.9 testing call (0.9.20)
- From: "A. Schulze" <sca@andreasschulze.de>
- Date: Thu, 9 Feb 2017 21:43:34 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=andreasschulze.de; s=ybz; t=1486673091; bh=6XPsS/3kryD5warBei5OjfcjQCF1sk/aVY2UhL4lh1g=; h=Subject:To:References:From:Date:In-Reply-To; b=dJAWYbNJHp2EUB5OIVtxYqAcbhG4fXV2V3NCf6ZU0hu6wWjKA2D8giCYzPeGhjHD4 noagNzuIZZerL3D8DJVw7bngWTAxCDnu0oxBNh2nK7KQPn1ZlGNXKNCdXjh9xaAoRO H3Puj/BqQh0H7u0eQ4yRVEEFawb4M0seZoDsRGkwfFVLB8Wc3IIupGymHKIKEbF/eM v93MqYU2u6RKxKCyLXv67vq+5g0O/7ZatYxwDViwEUnTjdETz90hjZolof64V8zt3m 75rClLdTvsLgLrYM+Jx1qmcvIe89hKXIj/xvirMQ3znYvvoT5NvHB7JNqBHbNQeExy eQm0RRWc+pSFw==
- In-reply-to: <0EB836D4A3B56CC8A52531D7@[192.168.1.30]>
- References: <ED38F9D4DE1C79C42B095763@[192.168.1.30]> <1dbdbf1d-8384-3ba6-ac42-99b425003f12@andreasschulze.de> <WM!77b8f73e7cb893c957580018ba19a9e397e0883c0974298e0501f9772d6b7739905db338c5886e2fec82acbb53e2096e!@mailstronghold-1.zmailcloud.com> <0EB836D4A3B56CC8A52531D7@[192.168.1.30]>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
Am 09.02.2017 um 20:54 schrieb Quanah Gibson-Mount:
> Please see the slapd.conf(5) or slapd.conf(5) man pages, which clearly state:
>
> TLSCACertificateFile <filename>
> Specifies the file that contains certificates for all of the
> Certificate Authorities that slapd will recognize.
>
> Note "That *slapd* will recognize". The server cannot and will not provide the cert chains to clients as that is a massive security risk. Clients can and must be configured with the list of CAs *they* will trust when the server provides the cert.
that's not the issue. A TLS server sent it's certificate and all intermediates EXCLUDING the self signed root to the client.
This is not true for my setup and I don't know why: misconfiguration or wrong ssl implementation.
Andreas