
(ITS#8374) LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS



Full_Name: Martin O'Neal
Version: openldap-2.4.31
OS: ubuntu wily
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (82.68.2.190)


The handling of the LDAP_OPT_X_TLS_REQUIRE_CERT option appears to be different
between servers accessed via ldaps:// and ldap:// (plus STARTTLS) URIs.

When accessing a server with a self-signed certificate, the results are:


ldaps://

never    OK
hard     Error: can't contact LDAP server
demand   Error: can't contact LDAP server
allow    OK
try      Error: can't contact LDAP server


ldap:// plus explicit ldap_start_tls_s()

never    OK
hard     OK
demand   OK
allow    OK
try      OK
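
Added example, not part of the original report: a shell check that repeats the matrix above with the OpenLDAP ldapsearch client and flags any level that accepts an untrusted certificate where ldap.conf(5) says the session is terminated. It sets the level through the LDAPTLS_REQCERT environment variable rather than setting LDAP_OPT_X_TLS_REQUIRE_CERT through the API, and assumes ldapsearch is installed and the client does not trust the server's certificate; the function names are illustrative.

```shell
#!/bin/sh
# Usage: sh reqcert-audit.sh <host>   (script name and host are placeholders)
# Without an argument the script only defines its functions.

# Outcome ldap.conf(5) documents when the server certificate is untrusted.
expected_for() {
    case "$1" in
        never|allow)     echo ok ;;    # not checked / bad certificate ignored
        try|demand|hard) echo fail ;;  # bad certificate terminates the session
        *)               return 2 ;;
    esac
}

# Compare an observed outcome (ok|fail) with the documented one.
classify() {  # classify <level> <observed>
    want=$(expected_for "$1") || { echo unknown-level; return 0; }
    if [ "$2" = "$want" ]; then echo as-documented
    elif [ "$2" = ok ]; then echo FAIL-OPEN          # untrusted cert accepted
    else echo unexpected-failure                     # e.g. server unreachable
    fi
}

# Run one rootDSE search over implicit TLS or ldap:// plus mandatory StartTLS.
probe() {  # probe <host> <ldaps|starttls> <level>
    case "$2" in
        ldaps)    uri="ldaps://$1"; tlsflag= ;;
        starttls) uri="ldap://$1";  tlsflag=-ZZ ;;
    esac
    if LDAPTLS_REQCERT=$3 ldapsearch -x -LLL -o nettimeout=5 $tlsflag \
         -H "$uri" -b "" -s base namingContexts >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

# Print one line per transport and level: observed result and verdict.
audit() {  # audit <host>
    for mode in ldaps starttls; do
        for level in never allow try demand hard; do
            got=$(probe "$1" "$mode" "$level")
            printf '%-8s %-6s %-4s %s\n' "$mode" "$level" "$got" \
                "$(classify "$level" "$got")"
        done
    done
}

if [ $# -ge 1 ]; then audit "$1"; fi
```

Against the results reported above, the try, demand and hard rows of the STARTTLS table would be classified FAIL-OPEN, while every ldaps:// row would be as-documented.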