Re: (ITS#4082) TLS broken in OPENLDAP_REL_ENG_2_3_10?
At 11:26 AM 10/12/2005, hyc@symas.com wrote:
>Kurt D. Zeilenga wrote:
>> I have reproduced this problem with a CA-less configuration.
>> The minimum configuration of TLS with X.509 based cipher suites,
>> I believe, is a server certificate and corresponding key file.
>> No CA file/directory is required.
>>
>Hm... Sounds right.
>> Of course, if you use non-X.509 cipher suites, why would any
>> X.509 stuff be needed?
>>
>
>Good question. You're suggesting we should have left well enough alone
>and revert ITS#4072?
Well, I'm fine with the revised check I committed a bit ago
for now. We just might want to have some way to say
"I configured TLS, damn it."
Kurt
>> Kurt
>>
>> At 10:04 AM 10/12/2005, hyc@symas.com wrote:
>>
>>> kevins@bmrb.co.uk wrote:
>>>
>>>> On Wed, 2005-10-12 at 08:23 -0700, Kurt D. Zeilenga wrote:
>>>>
>>>>
>>>>> Should be fixed in HEAD and OPENLDAP_REL_ENG_2_3.
>>>>> Please test.
>>>>>
>>>>>
>>>>>
>>>> Well,
>>>>
>>>> slapd -u ldap -g ldap -h "ldap:// ldaps://"
>>>>
>>>> Does now start.
>>>>
>>>> However,
>>>>
>>>> ldapsearch -ZZ still fails with
>>>>
>>>> ldap_start_tls: Connect error (-11)
>>>>
>>>> This does work on 2.2.19. The ldap.conf file is the same as being used
>>>> for 2.2.18 and the slapd.conf is the same except for the schema defs
>>>> (different location, some had changed), the modulepath (obvious reasons)
>>>> and the location of the database files. In particular my TLS lines are
>>>> identical so I am using the same cert and key files.
>>>>
>>> HEAD/RE23 works for me. Run ldapsearch with -d7 and/or slapd with -d7
>>> and see what problems are encountered.
>>>
>>> --
>>> -- Howard Chu
>>> Chief Architect, Symas Corp. http://www.symas.com
>>> Director, Highland Sun http://highlandsun.com/hyc
>>> OpenLDAP Core Team http://www.openldap.org/project/
>>>
>>
>>
>>
>>
>
>
>--
> -- Howard Chu
> Chief Architect, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc
> OpenLDAP Core Team http://www.openldap.org/project/
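
The CA-less minimum discussed in this thread (a server certificate plus its key, with no CA file or directory) can be checked against a slapd.conf before starting slapd. The following is an added example, not code from the thread or from OpenLDAP, and it is not the check committed for this ITS; the function names, status labels and sample paths are assumptions made for illustration.

```python
import shlex

# Real slapd.conf(5) TLS keywords; directive names are matched case-insensitively.
CERT, KEY = "tlscertificatefile", "tlscertificatekeyfile"
CA = ("tlscacertificatefile", "tlscacertificatepath")

def logical_lines(text):
    """Yield slapd.conf logical lines (hypothetical helper): '#' comment lines
    are skipped and a line starting with whitespace continues the previous one."""
    current = None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw[:1] in (" ", "\t") and raw.strip() and current is not None:
            current += " " + raw.strip()
            continue
        if current:
            yield current
        current = raw.strip() or None
    if current:
        yield current

def tls_status(conf_text):
    """Classify the X.509 TLS settings found in a slapd.conf (hypothetical labels)."""
    seen = {}
    for line in logical_lines(conf_text):
        words = shlex.split(line)  # honours double-quoted arguments
        if len(words) >= 2:
            seen[words[0].lower()] = words[1]
    has_cert, has_key = CERT in seen, KEY in seen
    has_ca = any(name in seen for name in CA)
    if has_cert and has_key:
        # Certificate plus key is the minimum; a CA file or directory is optional.
        return "x509-with-ca" if has_ca else "x509-ca-less"
    if has_cert or has_key:
        return "incomplete"  # one half of the cert/key pair is missing
    return "ca-only" if has_ca else "not-configured"

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
# TLS section
include /etc/openldap/schema/core.schema
TLSCertificateFile    /etc/openldap/certs/server.pem
tlscertificatekeyfile
    "/etc/openldap/certs/server key.pem"
"""

if __name__ == "__main__":
    print(tls_status(SAMPLE))
```

It does not cover the non-X.509 cipher suite case raised above, where none of these directives would be needed.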