[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tls private key

To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: tls private key
From: Alexander Samad <alex@samad.com.au>
Date: Fri, 26 Mar 2010 17:12:41 +1100
In-reply-to: <4BAC35A5.30503@symas.com>
References: <6C447584419BFE4E83D46E88F81314862FAEA762EB@EXCH07-05.apollogrp.edu> <4BAC35A5.30503@symas.com>

On Fri, Mar 26, 2010 at 3:18 PM, Howard Chu <hyc@symas.com> wrote:
> Chris Jacobs wrote:
>>
>> There's one sure fire way to find out...
>>
>> Start it up with a syncrepl, then move the private key, and see if it
>> syncs fine both ways.
>>
>> Wait a day or so, and make a change and see if that synced.
>>
>> If I had to put a dollar on it, if guess that it doesn't need the key
>> after

true, but i thought a quick email to the list would have given me a
quick yeah or nay..


>
> startup. I could be horribly wrong though - I'm not a dev, just a user of
> the
> software.
>
> It probably depends on which crypto library you built with. I'm pretty sure
> OpenSSL and GnuTLS cache the PEM credentials in memory. Not sure what MozNSS
> does. And of course, if you're paranoid, you can build these libraries to
> use smart tokens and leave the credentials there instead.

built with gnutls (debian build)

Thanks

>>
>> :)
>>
>> - chris
>>
[snip]

> --
>  -- Howard Chu
>  CTO, Symas Corp.           http://www.symas.com
>  Director, Highland Sun     http://highlandsun.com/hyc/
>  Chief Architect, OpenLDAP  http://www.openldap.org/project/
>

References:
- Re: tls private key
  - From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>
- Re: tls private key
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: tls private key
Next by Date: syncrepl connection / reconnect
Index(es):
- Chronological
- Thread