
Re: Syncrepl can't start ssl session because of refused 'client' certificate



Thibault Le Meur wrote:
> On 11/07/2011 18:29, Rich Megginson wrote:
>> I think what is happening is that the syncrepl crypto context is
>> "inheriting" from the main server crypto context.
> Yes, this looks like this.

Yes, that's documented in slapd.conf(5).

>> You want it to "inherit" the CA certificate from the main crypto
>> context but not the server certificate.
>
> Not necessarily. When linked to openssl, openldap used to use the
> /etc/openldap/ldap.conf file to read the client-side SSL configuration.
>
>> Please open an ITS for this.  I'll have to figure out how this was
>> working in openssl.
> Done: ITS#6994

Sounds to me like there's no bug here and the ITS report is invalid. If you want separate TLS settings for syncrepl you must put them in the syncrepl directive.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
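
The inheritance discussed in this message, as an added example (not part of the thread and not OpenLDAP code): a small checker that reads a slapd.conf and reports, for each syncrepl directive that uses TLS, which `tls_*` parameters are missing and therefore fall back to the main slapd TLS files. The sample config, its paths, hostnames and rids are constructed, and the parser covers only the continuation-line and comment rules needed here.

```python
import shlex

# syncrepl tls_* parameter -> main slapd directive it defaults to when absent
FALLBACK = {"tls_cert": "tlscertificatefile",
            "tls_key": "tlscertificatekeyfile",
            "tls_cacert": "tlscacertificatefile"}

# Constructed sample config: paths, hosts and rids are illustrative only.
SAMPLE = """\
TLSCACertificateFile /etc/openldap/certs/ca.pem
TLSCertificateFile /etc/openldap/certs/server.pem
TLSCertificateKeyFile /etc/openldap/certs/server.key
database bdb
syncrepl rid=001
  provider=ldap://provider.example.com
  starttls=critical
  searchbase="dc=example,dc=com"
syncrepl rid=002
  provider=ldaps://provider.example.com
  searchbase="dc=example,dc=com"
  tls_cert=/etc/openldap/certs/replica-client.pem
  tls_key=/etc/openldap/certs/replica-client.key
"""

def directives(text):
    """Unwrap continuation lines first, then drop comments, then tokenize."""
    lines = []
    for raw in text.splitlines():
        if raw[:1].isspace() and raw.strip() and lines:
            lines[-1] += " " + raw.strip()   # leading whitespace = continuation
        elif raw.strip():
            lines.append(raw.strip())
    return [shlex.split(l) for l in lines if not l.startswith("#")]

def inherited_tls(text):
    """Map each TLS-using syncrepl rid to the main TLS files it falls back to."""
    conf = directives(text)
    main = {w[0].lower(): w[1] for w in conf if len(w) > 1}
    found = {}
    for words in conf:
        if words[0].lower() != "syncrepl":
            continue
        p = {k.lower(): v for k, v in (w.split("=", 1) for w in words[1:] if "=" in w)}
        if p.get("provider", "").startswith("ldaps://") or "starttls" in p:
            found[p.get("rid", "?")] = {k: main[d] for k, d in FALLBACK.items()
                                        if k not in p and d in main}
    return found

if __name__ == "__main__":
    print(inherited_tls(SAMPLE))
```

In the sample, rid=001 would present the server certificate and key as its client credentials, while rid=002 sets its own pair in the syncrepl directive and inherits only the CA file.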