On Monday 12 September 2011 19:00:08, Howard Chu wrote:
> Thanks for passing along the report, but I'm not convinced this is a
> legitimate issue. Servers that trust each other for replication should
> accept each other's TLS certificates. As I see it, if their certs aren't
> working in this configuration then their certificates were created with
> the wrong usage flags, and this is not an OpenLDAP issue.

You are definitely right. But disabling the options still might be useful for
some people. Including the author of the patch. I think it is a very simple
change which adds some extra bonus to current functionality. Nothing critical
and no regressions are likely.
It would be great if you could include the patch even if you do not
absolutely agree with disabling the client certificate authentication for
replication.
--
Jan Včelák
Base Operating Systems Brno
Red Hat Inc.