Quanah Gibson-Mount wrote:
> Here's where I've ended up with for ITS#8286. Only 2 real
> remaining questions if this looks good (olcTLSCertificateKey and olcTLSVerifyClient).
> Commit is currently
> <https://github.com/quanah/openldap-scratch/commit/efef34db2f36e00a44c3f2d...

TLSCertificateKey is correct.

> ---------------- servers/slapd/bconfig.c -----------------------
> olcTLSCertificateKey -- ??? (Private SYNTAX OID) Shouldn't the
> SYNTAX be 1.3.6.1.4.1.1466.115.121.1.8? And use certificateExactMatch?

No, a key is not a certificate. Keys are stored in PKCS#8 encoding.

> olcTLSCertificateKeyFile -- case exact match
> olcTLSCipherSuite -- case exact match
> olcTLSCRLCheck -- case exact match
> olcTLSCRLFile -- case exact match
> olcTLSRandFile -- case exact match
> olcTLSVerifyClient -- case exact match (Shouldn't this be an enum, like
> olcMemberOfDangling ?)

It already uses a verbmasks struct, same as olcMemberOfDangling.

> --Quanah
>
> --
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/
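
The distinction drawn in the reply above (a PKCS#8 key is not a certificate), as an added example that is not part of the original thread or of OpenLDAP: a small DER walker that tells the two structures apart by the element tags inside the outer SEQUENCE. A PKCS#8 PrivateKeyInfo has no issuer or serial number, which are the fields certificateExactMatch compares. The function names and sample bytes are assumptions made for this illustration; the samples are constructed skeletons.

```python
# Added illustration, not OpenLDAP code. Sample bytes are constructed skeletons.
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, pos, pos + length

def child_tags(buf):
    """Tags of the elements directly inside the single outer SEQUENCE."""
    tag, start, end = read_tlv(buf, 0)
    if tag != 0x30 or end != len(buf):
        raise ValueError("not a single DER SEQUENCE")
    body, tags, pos = buf[start:end], [], 0
    while pos < len(body):
        t, _, pos = read_tlv(body, pos)
        tags.append(t)
    return tags

def classify(buf):
    tags = child_tags(buf)
    # PKCS#8 PrivateKeyInfo: INTEGER version, SEQUENCE algorithm, OCTET STRING key
    if tags[:3] == [0x02, 0x30, 0x04]:
        return "pkcs8-private-key"
    # X.509 Certificate: SEQUENCE tbsCertificate, SEQUENCE sigAlg, BIT STRING signature
    if tags == [0x30, 0x30, 0x03]:
        return "x509-certificate"
    return "unknown"

def tlv(tag, value):
    """Encode a short-form DER TLV (helper for the constructed samples)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)
KEY_SKELETON = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
                   + tlv(0x04, b"\x01\x02\x03"))     # constructed, no real key material
CERT_SKELETON = tlv(0x30, tlv(0x30, b"") + tlv(0x30, b"") + tlv(0x03, b"\x00"))  # constructed
```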