Quanah Gibson-Mount wrote:
Here's where I've ended up for ITS#8286. Only 2 real remaining questions if this looks good (olcTLSCertificateKey and olcTLSVerifyClient). Commit is currently https://github.com/quanah/openldap-scratch/commit/efef34db2f36e00a44c3f2dee3851a6faf65a399
TLSCertificateKey is correct.
---------------- servers/slapd/bconfig.c -----------------------
olcTLSCertificateKey -- ??? (Private SYNTAX OID) Shouldn't the SYNTAX be 1.3.6.1.4.1.1466.115.121.1.8? And use certificateExactMatch?
No, a key is not a certificate. Keys are stored in PKCS#8 encoding.
olcTLSCertificateKeyFile -- case exact match
olcTLSCipherSuite -- case exact match
olcTLSCRLCheck -- case exact match
olcTLSCRLFile -- case exact match
olcTLSRandFile -- case exact match
olcTLSVerifyClient -- case exact match (Shouldn't this be an enum, like olcMemberOfDangling ?)
It already uses a verbmasks struct, same as olcMemberOfDangling.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com