
why didn't ldap client validate ssl certificate?



hi,
I have a question on using tls on ldap.
Hopefully anybody could give a hint on this.

On the client side, I have set the TLS_REQCERT as demand.
The TLS_CACERTDIR is also set, but I didn't put any certificate in the
directory.

To my surprise, even though no certificate is provided,
ldapsearch could still succeed returning the data.

Is this a bug?

the openldap is running on redhat enterprise linux 4, openldap version is
openldap-servers-sql-2.2.13-12.el4
openldap-servers-2.2.13-12.el4
openldap-devel-2.2.13-12.el4
openldap-2.2.13-12.el4
openldap-clients-2.2.13-12.el4

Any idea is appreciated!

Thanks
lei
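
The client settings named in the post (TLS_REQCERT, TLS_CACERTDIR) can be inspected with a check like the one below, an added example that is not part of the original message or of OpenLDAP. It reads only the one config file passed to it, takes the last occurrence of each option (an assumption), and counts CA-directory entries by the OpenSSL-style hash name (`<8 hex digits>.<n>`); `audit_ldap_tls` and `ldap_opt` are hypothetical names.

```shell
#!/bin/sh
# Added example: report what one OpenLDAP client config file says about
# server-certificate checking. Function names are hypothetical.

# Value of the last uncommented occurrence of an option (names are case-insensitive).
ldap_opt() {
    awk -v want="$2" 'toupper($1) == want { v = $2 } END { print v }' "$1"
}

audit_ldap_tls() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    reqcert=$(ldap_opt "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    cafile=$(ldap_opt "$conf" TLS_CACERT)
    cadir=$(ldap_opt "$conf" TLS_CACERTDIR)
    case "$reqcert" in
        demand|hard) echo "OK: TLS_REQCERT=$reqcert" ;;
        "")          echo "NOTE: TLS_REQCERT is not set in $conf" ;;
        *)           echo "WARN: TLS_REQCERT=$reqcert is weaker than demand"; rc=1 ;;
    esac

    anchors=0
    if [ -n "$cafile" ] && [ -r "$cafile" ]; then
        anchors=$(grep -c 'BEGIN CERTIFICATE' "$cafile" || true)
    fi
    # A CA directory is searched by hash-named entries, so plain *.pem files do not count.
    hashed=0
    if [ -n "$cadir" ] && [ -d "$cadir" ]; then
        for f in "$cadir"/*; do
            case "${f##*/}" in
                [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                    [ -e "$f" ] && hashed=$((hashed + 1)) ;;
            esac
        done
    fi
    echo "trust anchors: $anchors in TLS_CACERT file, $hashed hash-named in TLS_CACERTDIR"
    if [ $((anchors + hashed)) -eq 0 ]; then
        echo "WARN: no CA certificate found through this file's TLS_CACERT/TLS_CACERTDIR"; rc=1
    fi
    return $rc
}

if [ $# -gt 0 ]; then audit_ldap_tls "$1"; fi
```

Settings that come from outside the file passed in, such as a per-user `ldaprc` or `LDAPTLS_*` environment variables, are not examined.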