--On Sunday, July 21, 2019 11:16 PM +0100 Howard Chu hyc@symas.com wrote:
I take this back. Pretty sure we've had this debate before, haven't found it in the list archive.
We explicitly create a fresh TLS context in slapd, to eliminate any ldap.conf initialization defaults.
Ok, so it's GnuTLS that had broken behavior and it was fixed by ITS#8427.
You also noted in IRC that you found the related ITS: https://www.openldap.org/its/index.cgi/?findid=3109
So GnuTLS actually introduced a regression in behavior.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com