man ldap.conf says:
"never The client will not request or check any server certificate."
It seems that never means it will never check any server certificate (even if given one). I'm assuming there are no exceptions here and that "never" really does mean "never".
Back to the version I'm using, which is 2.2.17. If Howard Chu is correct, this functionality should be in my version ... if the functionality was added in April 2003 ... because 2.2.17 was released in Sep 2004. Or was that date wrong? I tried looking at the versions 1, 2, and 3 CHANGES files, and I couldn't pin down when it was added.
I'm looking for either (1) my version is definitely too old and it simply does not have this functionality, or (2) I'm doing something wrong, and what I need to do to fix it is XYZ.
Thanks, - Jeremiah
On 10/18/06, Dieter Kluenter dieter@dkluenter.de wrote:
> "Jeremiah Martell" inlovewithgod@gmail.com writes:
>> Dieter,
>>
>> Thanks for the response. However, why should I have to do this if I have "TLS_REQCERT never" in my ldap.conf file? Shouldn't that mean openldap doesn't request, check, verify, etc. any certificates?
>
> Right, the client does not request a certificate, but if the server presents one, it of course is being checked, man ldap.conf(5) and man slapd.conf(5)
>
> -Dieter
>
> -- Dieter Klünter | Systemberatung http://www.dkluenter.de N 53°37'10.08" E 10°08'02.82" GPG Key ID:8EF7B6C6
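
An added example, not part of any message in this thread and not OpenLDAP code: a small Python check that reports which TLS_REQCERT level a client configuration ends up with, covering all the levels documented in ldap.conf(5) rather than only "never". The sample configuration, the severity ratings, and the assumptions that the last TLS_REQCERT line wins and that LDAPTLS_REQCERT overrides the file are this example's own.

```python
"""Report the effective TLS_REQCERT level of an OpenLDAP client config."""

# Levels as documented in ldap.conf(5); severity is this example's own rating.
LEVELS = {
    "never":  ("high", "server certificate is not requested or checked"),
    "allow":  ("high", "a bad certificate is ignored and the session proceeds"),
    "try":    ("medium", "a bad certificate ends the session, a missing one does not"),
    "demand": ("ok", "a missing or bad certificate ends the session"),
}
DEFAULT_LEVEL = "demand"  # ldap.conf(5) names demand as the default

# Constructed sample, not taken from the thread.
SAMPLE = """\
# client settings
URI ldaps://ldap.example.com
TLS_CACERT /etc/ssl/certs/ca.pem
tls_reqcert never
"""


def effective_reqcert(conf_text, env=None):
    """Return (level, origin). Assumes the last TLS_REQCERT line wins."""
    level, origin = DEFAULT_LEVEL, "default"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no settings
        parts = line.split(None, 1)
        # Option names are case-insensitive.
        if len(parts) == 2 and parts[0].upper() == "TLS_REQCERT":
            level, origin = parts[1].strip().lower(), f"line {lineno}"
    # Assumption: the LDAP-prefixed environment variable overrides the file.
    if env and env.get("LDAPTLS_REQCERT"):
        level, origin = env["LDAPTLS_REQCERT"].strip().lower(), "LDAPTLS_REQCERT"
    return ("demand" if level == "hard" else level), origin


def audit(conf_text, env=None):
    """Return a finding dict; unrecognised values are flagged for manual review."""
    level, origin = effective_reqcert(conf_text, env)
    severity, why = LEVELS.get(level, ("review", "unrecognised TLS_REQCERT value"))
    return {"level": level, "origin": origin, "severity": severity, "why": why}


if __name__ == "__main__":
    print(audit(SAMPLE))
```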