Hallvard B Furuseth wrote:
back-ldap/bind.c needs "lutil.h" for lutil_strcopy().
Beyond that, passes all tests on Ubuntu --with-tls=gnutls.
Which reminds me, we need some tests that actually exercise TLS. We should add a sample CA cert + server and user cert+key to the test suite. Or maybe generate them on the fly, so we can also set a short lifetime and test expiration and CRL processing. We should test the certificate matching rules as well. (Not sure how much we need to test re: cert validation; we ought to be able to rely on the respective crypto suites to do that already.) At the very least, we ought to be able to set a user cert, authenticate with SASL/EXTERNAL, and verify the output of ldapwhoami.