[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: why didn't ldap client validate ssl certificate?

To: leilei175@gmail.com
Subject: Re: why didn't ldap client validate ssl certificate?
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 21 Oct 2009 13:28:51 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <82fc30000910202318k5500b598k405c0fda245335c7@mail.gmail.com>
References: <82fc30000910202318k5500b598k405c0fda245335c7@mail.gmail.com>

leilei175@gmail.com writes:
> On the client side,I have set the TLS_REQCERT as demand.
> The TLS_CACERTDIR is also set, but I didn't put any certificate in the
> directory.
> 
> To my surprise, even though no certificate is provided,
> ldapsearch could still succeed returning the data.
> 
> Is this a bug?

Maybe the root certificate is installed with OpenSSL's default certs.

Those are used if and only if you specify TLS_CACERT - or TLS_CACERTDIR
I presume, but I haven't tested that.  See:
  http://www.openldap.org/its/?findid=5582

-- 
Hallvard

Follow-Ups:
- Re: why didn't ldap client validate ssl certificate?
  - From: "Tony G." <tonysk8@gmx.net>

References:
- why didn't ldap client validate ssl certificate?
  - From: leilei175@gmail.com

Prev by Date: why didn't ldap client validate ssl certificate?
Next by Date: Re: why didn't ldap client validate ssl certificate?
Index(es):
- Chronological
- Thread