On Monday 12 September 2011 19:00:08, Howard Chu wrote:
Thanks for passing along the report, but I'm not convinced this is a legitimate issue. Servers that trust each other for replication should accept each other's TLS certificates. As I see it, if their certs aren't working in this configuration then their certificates were created with the wrong usage flags, and this is not an OpenLDAP issue.
You are definitely right. But disabling the options still might be useful for some people, including the author of the patch. I think it is a very simple change which adds some extra bonus to the current functionality. Nothing critical and no regressions are likely.
It would be great if you could include the patch even if you do not absolutely agree with disabling the client certificate authentication for replication.