Re: (ITS#7206) ldaprc: TLS_REQCERT demand does not terminate session, if a bad certicate comes from the server
14 Mar
2012
14 Mar
'12
3:58 a.m.
mkeller@psi.de wrote:
Full_Name: Michael Keller Version: 2.4.20 OS: SLES 11 SP1 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (95.131.98.154)
I have configured slapd to accept only TLS connections with:
security ssf=1 update_ssf=112 simple_bind=64
A ldapsearch -x returns correctly a "# search result search: 2 result: 13 Confidentiality required text: confidentiality required"
When using TLS_REQCERT=demand a ldapsearch -x -Z still returns results, even if a bad certificate comes from the server. See debug output below. ldapsearch -x -Z
Works as designed. Read the description for the -Z flag again. Closing this ITS.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
4636
Age (days ago)
4636
Last active (days ago)
0 comments
1 participants
participants (1)
-
hyc@symas.com