Robert Heller wrote:
All of the how tos I am finding (including RedHat's!) don't
Unfortunately the libnss wrapper code re-uses the directives
TLSCACertificatePath, TLSCertificateFile and TLSCertificateKeyFile in a
So when using the RHEL/CentOS packages linked to libnss you should read
slapd.conf(5) or slapd-config(5) more carefully, especially the text
after "When using Mozilla NSS..".
P.S.: I consider this abuse of well-known TLS config directives for
other purposes to be a real deficiency of the crypto lib wrappers for
libnss and GnuTLS. Library-specific configuration options should be just
that: Library-specific with their own specific name.