[Date Prev][Date Next] [Chronological] [Thread] [Top]

Antw: Re: TLS_REQCERT and no server certificate

To: "Todd Lyons" <tlyons@ivenue.com>, "Jan Synacek" <jsynacek@redhat.com>
Subject: Antw: Re: TLS_REQCERT and no server certificate
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Date: Wed, 13 Nov 2013 08:02:27 +0100
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <CAFG21ogCpL1q4hBU-y1tqLxRML1xrMN3tVkB-qj23mzBUZJGLg@mail.gmail.com>
References: <5282041F.20801@redhat.com> <CAFG21ogCpL1q4hBU-y1tqLxRML1xrMN3tVkB-qj23mzBUZJGLg@mail.gmail.com>

Hi!

"It doesn't do cert chain checking so it will accept self-signed certs."

Even if it does cert chain checking, a self-signed certificate will be accepted! What are you saying?

Regards,
Ulrich


>>> Todd Lyons <tlyons@ivenue.com> schrieb am 12.11.2013 um 14:26 in Nachricht
<CAFG21ogCpL1q4hBU-y1tqLxRML1xrMN3tVkB-qj23mzBUZJGLg@mail.gmail.com>:
> On Tue, Nov 12, 2013 at 2:34 AM, Jan Synacek <jsynacek@redhat.com> wrote:
>> Is the manpage wrong or is there any other way I can test the client with no
>> server certificate provided?
> 
> I forgot to answer the second part.  I just use accept.  With tcpdump,
> you can verify if it is or is not using encryption.  It doesn't do
> cert chain checking so it will accept self-signed certs.
> 
> ...Todd
> -- 
> The total budget at all receivers for solving senders' problems is $0.
>  If you want them to accept your mail and manage it the way you want,
> send it the way the spec says to. --John Levine

Follow-Ups:
- Re: Antw: Re: TLS_REQCERT and no server certificate
  - From: Philip Guenther <guenther+ldaptech@sendmail.com>

References:
- TLS_REQCERT and no server certificate
  - From: Jan Synacek <jsynacek@redhat.com>
- Re: TLS_REQCERT and no server certificate
  - From: Todd Lyons <tlyons@ivenue.com>

Prev by Date: Re: Structural object issues
Next by Date: Antw: Re: TLS_REQCERT and no server certificate
Index(es):
- Chronological
- Thread