
Re: Phantom certificates?





--On May 7, 2014 at 4:14:36 PM -0400 "Andrew D. Arenson" <aarenson@iu.edu> wrote:

> On Tue, May 06, 2014 at 09:45:17PM -0700, Quanah Gibson-Mount wrote:
>> --On May 6, 2014 at 11:26:47 AM -0400 "Andrew D. Arenson"
>> <aarenson@iu.edu> wrote:
>>
>>> I am trying to understand how a ldap server's certificate is
>>> being verified in the absence of the appropriate CA certificates.  I
>>> have openldap 2.4.23-34 installed.
>>
>> So I'm guessing you are using RHEL's utterly broken packages for
>> OpenLDAP. I would advise you to get a real, functioning OpenLDAP
>> build, or build OpenLDAP yourself.  You can obtain functional builds
>> from Symas or the LTB project.
>
> It is, indeed, RHEL. Have you got a pointer to info about how
> they are broken?

They link to a non-standard SSL implementation they linked in themselves, for one, that has serious issues (you can search on that if you like). They ship 2.4.23, which is *years* out of date and has had numerous bugs fixed since then (see the change log on the OpenLDAP website).

It should never be used for a production installation.

--Quanah


--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration