Re: TLS_REQCERT and no server certificate

On Tue, Nov 12, 2013 at 2:34 AM, Jan Synacek <jsynacek@redhat.com> wrote:
> TLS_REQCERT <level>
> ...
>    try    The server certificate is requested. If no certificate is
> provided, the session proceeds normally. If a bad certificate is provided, the
> session is immediately terminated.
> Is the manpage wrong or is there any other way I can test the client with no
> server certificate provided?

While troubleshooting an LDAP issue, I stumbled across an IRC log or
mailing list comment (can't remember exactly) which basically said
that try == hard and the manpage was inaccurate to say anything else
(paraphrased).  I have not perused the OpenLDAP server or client code
to verify the accuracy of that statement, but the comment (and your
results) matches my experience when troubleshooting.

The total budget at all receivers for solving senders' problems is $0.
 If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine