Re: (ITS#5981) TLSVerifyClient try setting fails with GnuTLS

Sunday, 1 March 2009

peter(a)adpm.de wrote:
...
 Full_Name: Peter Marschall
 Version: 2.4.15
 OS: Linux
 URL: ftp://ftp.openldap.org/incoming/Peter-Marschall-090301.patch
 Submission from: (NULL) (92.75.56.86)

 Hi,

 when OpenLDAP 2.4.15 is compiled with GnuTLS, then setting
    TLSVerifyClient Try
 in slapd.conf makes TLS connections without certificates impossible.

 This is caused by incomplete decoding in tls_g.c

 The patch in ftp://ftp.openldap.org/incoming/Peter-Marschall-090301.patch
 fixes this issue together with a few other little cleanups:
 - remove unused variables (less compiler warnings)
 - use correct types (less compiler warnings)
 - detect failed calls for activation/exiration functions to
    avoid giving wrong information

 Please consider adding this patch to OpenLDAP 
Thanks for the patch, committed to HEAD.
...

 Regards
 Peter

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006