[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: 2.1.22 not accepting self-signed SSL cert

To: "'Jochen Laser'" <jochen.laser@orangetraining.de>, <adamtheo@theoretic.com>
Subject: RE: 2.1.22 not accepting self-signed SSL cert
From: "Howard Chu" <hyc@symas.com>
Date: Mon, 10 Nov 2003 04:09:23 -0800
Cc: <openldap-software@OpenLDAP.org>, <dieter@dkluenter.de>
Importance: Normal
In-reply-to: <20031110110916.6ec89dcc.jochen.laser@orangetraining.de>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Jochen Laser

> On Mon, 3 Nov 2003 19:23:45 -0600 (CST)
> <adamtheo@theoretic.com> wrote:
> > I have included the TLS_CACERT directive in my /etc/ldap.conf but I am
> > still getting the same results. Ant other debugs I can provide? Thanks.

>  I experienced the same,but as I understand this now, this
> "bug" is a feature
>  that didn't make it  into the documentation of 2.1.22.

>  You might want to have a look at ITS #2697 where this is discussed.
>  These TLS_* Options are "user-only" and  must be
>  specified in the ldprc files or the environment rather than
> in /etc/.../ldap.conf

No. The TLS_CACERT directive is not "user-only" - it can and generally should
be set in the system-wide config file. However, that file is
/usr/local/etc/openldap/ldap.conf by default, *NOT* /etc/ldap.conf. The
OpenLDAP library does not use /etc/ldap.conf.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- Re: 2.1.22 not accepting self-signed SSL cert
  - From: Jochen Laser <jochen.laser@orangetraining.de>

References:
- Re: 2.1.22 not accepting self-signed SSL cert
  - From: Jochen Laser <jochen.laser@orangetraining.de>

Prev by Date: Re: Searches failing weird
Next by Date: RE: Support for swedish characters
Index(es):
- Chronological
- Thread