https://bugs.openldap.org/show_bug.cgi?id=6289
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
Target Milestone|2.6.0 |---
Assignee|hyc(a)openldap.org |bugs(a)openldap.org
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=6289
Howard Chu <hyc(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
Status|UNCONFIRMED |RESOLVED
--- Comment #4 from Howard Chu <hyc(a)openldap.org> ---
Unable to reproduce. Starting and stopping service works fine, no other events
are in the Windows event log.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=6248
--- Comment #13 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• ff0defdc
by Howard Chu at 2021-07-22T23:54:25+01:00
ITS#6248 fix prev commit tlso_ca_list
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=6248
--- Comment #12 from Howard Chu <hyc(a)openldap.org> ---
(In reply to Howard Chu from comment #10)
> (In reply to Howard Chu from comment #9)
> > Added in master
>
> This in particular needs testing on Windows.
Never mind. The function in question, SSL_add_dir_cert_subjects_to_stack,
which we previously excluded on Windows builds, has been well supported
in OpenSSL since 2004. So, no problem with that particular change.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=6248
--- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• dfcaa3f0
by Howard Chu at 2021-07-22T21:07:21+01:00
ITS#6248 support multiple CAcert dirs
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=6248
--- Comment #10 from Howard Chu <hyc(a)openldap.org> ---
(In reply to Howard Chu from comment #9)
> Added in master
This in particular needs testing on Windows.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=6248
Howard Chu <hyc(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |TEST
--- Comment #9 from Howard Chu <hyc(a)openldap.org> ---
Added in master
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=6244
--- Comment #7 from Michael Ströder <michael(a)stroeder.com> ---
Thanks for working on this. This module is very useful!
Any chance to see this in 2.5.6? It's still in contrib/ anyway, so downstream
packagers and admins using this know that there's no official support for it.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=6248
--- Comment #8 from Howard Chu <hyc(a)openldap.org> ---
Supporting this will require extra care on the part of the sysadmins. In
particular, we currently send a list of the names of every CA cert that was
configured, to every client, if client cert authentication is configured.
It would probably be a bad idea to send the hundreds of CAs in the default
cert bundle in that case. It only ever makes sense for an LDAP server to
trust and advertise a very small number of CAs. In particular when client
certs are used for authentication, it doesn't make sense to trust certs
from anywhere other than the CA that's signing the client certs.
Given the small scope of trust, it also doesn't make sense to be picking up
trusted CA certs from large numbers of locations.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=6244
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |TEST
Status|IN_PROGRESS |RESOLVED
--- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• 92a8025f
by Quanah Gibson-Mount at 2021-07-22T17:12:58+00:00
ITS#6244 - Add "now" dynacl module
--
You are receiving this mail because:
You are on the CC list for the issue.