Re: (ITS#4072) Feature request: Don't list StartTLS (1.3.6.1.4.1.1466.20037) if not configured correctly
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#4072) Feature request: Don't list StartTLS (1.3.6.1.4.1.1466.20037) if not configured correctly
- From: hyc@symas.com
- Date: Sun, 9 Oct 2005 14:58:40 GMT
michael@stroeder.com wrote:
> Full_Name: Michael Ströder
> Version: HEAD
> OS:
> URL:
> Submission from: (NULL) (83.124.21.23)
>
>
> Hi!
>
> I'd like to propose that StartTLS (1.3.6.1.4.1.1466.20037) is not listed in
> rootDSE's attribute supportedExtension if TLS/SSL is not configured correctly.
>
> It seems that listing StartTLS on a non-TLS slapd causes interoperability
> problems with some clients.
>
What does "not configured correctly" mean? E.g., if invalid files are
used for the cert/key file options, ldap_pvt_tls_init_def_ctx() will
fail, and slapd will refuse to start up. What other configurations are
you concerned with?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/