(ITS#8374) LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS

19 Feb 2016


      Full_Name: Martin O'Neal
Version: openldap-2.4.31
OS: ubuntu wily
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (82.68.2.190)
The handling of the LDAP_OPT_X_TLS_REQUIRE_CERT option appears to be different
between servers accessed via ldaps:// and ldap:// (plus STARTTLS) URIs.
When accessing server with a self-signed certificate, the results are:
ldaps://
never    OK
hard     Error: can't contact LDAP server
demand   Error: can't contact LDAP server
allow    OK
try      Error: can't contact LDAP server
ldap:// plus explicit ldap_start_tls_s()
never    OK
hard     OK
demand   OK
allow    OK
try      OK

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

(ITS#8374) LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS