Re: ITS#8286 round 2
- To: Quanah Gibson-Mount <quanah@symas.com>, openldap-devel@openldap.org
- Subject: Re: ITS#8286 round 2
- From: Howard Chu <hyc@symas.com>
- Date: Tue, 18 Dec 2018 17:53:50 +0000
- In-reply-to: <842973A21685DB44126F1E3F@[192.168.1.39]>
- References: <842973A21685DB44126F1E3F@[192.168.1.39]>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 SeaMonkey/2.53
Quanah Gibson-Mount wrote:
> Here's where I've ended up for ITS#8286. Only 2 real remaining questions if this looks good (olcTLSCertificateKey and olcTLSVerifyClient). Commit is
> currently <https://github.com/quanah/openldap-scratch/commit/efef34db2f36e00a44c3f2dee3851a6faf65a399>
TLSCertificateKey is correct.
>
> ---------------- servers/slapd/bconfig.c -----------------------
> olcTLSCertificateKey -- ??? (Private SYNTAX OID) Shouldn't the SYNTAX be 1.3.6.1.4.1.1466.115.121.1.8? And use certificateExactMatch?
No, a key is not a certificate. Keys are stored in PKCS#8 encoding.
> olcTLSCertificateKeyFile -- case exact match
> olcTLSCipherSuite -- case exact match
> olcTLSCRLCheck -- case exact match
> olcTLSCRLFile -- case exact match
> olcTLSRandFile -- case exact match
> olcTLSVerifyClient -- case exact match (Shouldn't this be an enum, like olcMemberOfDangling ?)
It already uses a verbmasks struct, same as olcMemberOfDangling.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
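
Added example, not part of the original message or of OpenLDAP's code: a PKCS#8 PrivateKeyInfo and an X.509 Certificate are different ASN.1 structures, so a certificate matching rule, which needs a certificate's issuer and serial number, has nothing to parse in a key blob. The sketch below tells the two apart by the tags of the first three fields of the outer SEQUENCE; the byte arrays are constructed skeletons and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
enum blob_kind { BLOB_INVALID, BLOB_OTHER, BLOB_PKCS8_KEY, BLOB_X509_CERT };

/* Constructed structural skeletons (not real key or certificate material). */
static const unsigned char SAMPLE_KEY[] = {   /* INTEGER, SEQUENCE, OCTET STRING */
    0x30,0x10, 0x02,0x01,0x00, 0x30,0x05,0x06,0x03,0x2b,0x65,0x70, 0x04,0x04,0x04,0x02,0xaa,0xbb };
static const unsigned char SAMPLE_CERT[] = {  /* SEQUENCE, SEQUENCE, BIT STRING */
    0x30,0x11, 0x30,0x03,0x02,0x01,0x01, 0x30,0x05,0x06,0x03,0x2b,0x65,0x70, 0x03,0x03,0x00,0xaa,0xbb };

/* Parse one DER tag/length header; reject truncated or indefinite lengths. */
static int der_header(const unsigned char *p, size_t avail,
                      unsigned char *tag, size_t *len, size_t *hdr)
{
    size_t i, n;
    if (avail < 2) return -1;
    *tag = p[0]; *len = p[1]; *hdr = 2;
    if (p[1] & 0x80) {                       /* long form: next n bytes hold the length */
        n = p[1] & 0x7f;
        if (n == 0 || n > sizeof(size_t) || avail < 2 + n) return -1;
        for (*len = 0, i = 0; i < n; i++) *len = (*len << 8) | p[2 + i];
        *hdr = 2 + n;
    }
    return (*len <= avail - *hdr) ? 0 : -1;  /* content must fit in what is left */
}

/* Classify a DER blob by the tags of the first three fields of its outer SEQUENCE. */
enum blob_kind classify_der(const unsigned char *der, size_t n)
{
    unsigned char tag, t[3];
    size_t len, hdr, i;
    if (der_header(der, n, &tag, &len, &hdr) || tag != 0x30 || hdr + len != n)
        return BLOB_INVALID;
    for (der += hdr, n = len, i = 0; i < 3; i++) {
        if (n == 0) return BLOB_OTHER;       /* fewer than three fields */
        if (der_header(der, n, &t[i], &len, &hdr)) return BLOB_INVALID;
        der += hdr + len;
        n -= hdr + len;
    }
    if (t[0] == 0x02 && t[1] == 0x30 && t[2] == 0x04) return BLOB_PKCS8_KEY;
    if (t[0] == 0x30 && t[1] == 0x30 && t[2] == 0x03) return BLOB_X509_CERT;
    return BLOB_OTHER;
}

int main(void)
{
    printf("key=%d cert=%d\n", classify_der(SAMPLE_KEY, sizeof SAMPLE_KEY), classify_der(SAMPLE_CERT, sizeof SAMPLE_CERT));
    return 0;
}
```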