[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6352) Not all certificates are read if the TLS_CACERTDIR contains broken links

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6352) Not all certificates are read if the TLS_CACERTDIR contains broken links
From: hyc@symas.com
Date: Wed, 28 Oct 2009 22:58:08 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

steffen.gruner@basf.com wrote:
> Full_Name: Steffen Gruner
> Version: 2.3.43
> OS: Gentoo Linux
> URL:
> Submission from: (NULL) (84.171.177.13)
>
>
> If in the TLS_CACERTDIR (/etc/ssl/certs/ on by box) contains broken symbolic
> links the ldapsearch command stops on the first broken link and doesn't use all
> the other certificates.

This functionality is provided by the OpenSSL library; you should file this 
bug report with them. In the meantime, now you know yet another reason why we 
recommend using TLS_CACERT instead of TLS_CACERTDIR.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: (ITS#6354) Regex-based authzTo example in docs, section 15.3.3.1, is incorrect.
Next by Date: Re: (ITS#6352) Not all certificates are read if the TLS_CACERTDIR contains broken links
Index(es):
- Chronological
- Thread