[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: TLS support in openldap-2.0.x vs 2.1.x

* Alexey Chetroi (debian@twilight.telco.md) wrote:
>  I'd like to know if openldap-2.1.x is going to be packaged for 
> Debian. versions 2.0 which comes with testing and unstable have 

Yes, it is being worked on now.

> some support for TLS connections, but slapd accepts connection
> even if client's cert. cannot be verified by ca's cert. Versions
> 2.1.x works correctly from this point of view with the same configuration
> which was tested on openldap-2.0.27 from Sid branch.

That's correct, that was a change in the openldap source code itself I
believe.  The Debian OpenLDAP 2.1 packages will also verify by default
(though I beleive there's an option in 2.1 to turn it off).

>  I've posted more info openldap maillist, but still no reply
> http://www.openldap.org/lists/openldap-software/200302/msg00268.html

Doesn't suprise me- 2.0 didn't check, 2.1 does so their answer would
likely be move to 2.1..


Attachment: pgpOVuTwrih4X.pgp
Description: PGP signature

Reply to: