Re: SSL/TLS connection on port 389

[Howard Chu <hyc@symas.com>]

Tony Earnshaw wrote:
> Buchan Milne skrev, on 30-01-2008 10:57:
> > > This is encouraging - I guess you are not using the same version of
> > > slapd as I am? (I'm using 2.4.7, which apparently has a bug with
> > > STARTTLS, at least in Debian it does).
> > I don't use Debian, and on production platforms I don't use the packages
> > supplied by the distro, but the rebuilds (which are available at
> > http://staff.telkomsa.net/packages/) of the Mandriva package, for which I am
> > the maintainer. The output in my reply was from my Mandriva 2008.0 x86_64,
> > running the 2.3.38 package supplied with the distro. I will try and test the
> > 2.4.7 packages sometime later today.
>
> FWIW your rhl5 src rpm rebuilt on Fedora FC6 has no problems with ldaps,
> ldap starttls or ldapi; it does everything perfectly normally -
> otherwise I'd have reacted negatively far sooner.

Probably because it still uses OpenSSL, and not GnuTLS like Debian does.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/