Re: (ITS#7206) ldaprc: TLS_REQCERT demand does not terminate session, if a bad certicate comes from the server

Wednesday, 14 March 2012

mkeller(a)psi.de wrote:
...
 Full_Name: Michael Keller
 Version: 2.4.20
 OS: SLES 11 SP1
 URL: ftp://ftp.openldap.org/incoming/
 Submission from: (NULL) (95.131.98.154)

 I have configured slapd to accept only TLS connections with:

 security ssf=1 update_ssf=112 simple_bind=64

 A ldapsearch -x returns correctly a
 "# search result
 search: 2
 result: 13 Confidentiality required
 text: confidentiality required"

 When using TLS_REQCERT=demand a
 ldapsearch -x -Z still returns results, even if a bad certificate comes from the
 server. See debug output below.
 ldapsearch -x -Z 
Works as designed. Read the description for the -Z flag again. Closing this ITS.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006