leilei175@gmail.com writes:
On the client side, I have set the TLS_REQCERT as demand. The TLS_CACERTDIR is also set, but I didn't put any certificate in the directory.
To my surprise, even though no certificate is provided, ldapsearch could still succeed returning the data.
Is this a bug?
Maybe the root certificate is installed with OpenSSL's default certs.
Those are used if and only if you specify TLS_CACERT - or TLS_CACERTDIR I presume, but I haven't tested that. See: http://www.openldap.org/its/?findid=5582
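
A client-side check for the situation in this thread, added here as an example and not code from either poster or from OpenLDAP: it reads one ldap.conf-style file and reports whether the CA options it sets point at any usable trust anchor. It assumes an OpenSSL-backed libldap (a CA directory is searched by hash-named files only) and that a later line overrides an earlier one; the function names and verdict strings are made up for the example.

```shell
# Added example (not from the thread): audit the TLS trust options in one ldap.conf-style file.
# Assumption: OpenSSL-backed libldap, which finds CA directory entries by <subject-hash>.<n> names.

# Print the value of option $2 in file $1; names match case-insensitively, last occurrence wins.
ldap_opt() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Count entries in directory $1 named like c_rehash output (8 hex digits, dot, number).
count_hashed_certs() {
    n=0
    for f in "$1"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
        if [ -e "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Report what the file asks for and whether it names any usable trust anchor.
audit_ldap_tls() {
    reqcert=$(ldap_opt "$1" TLS_REQCERT)
    cacert=$(ldap_opt "$1" TLS_CACERT)
    cadir=$(ldap_opt "$1" TLS_CACERTDIR)
    usable=0
    echo "TLS_REQCERT=${reqcert:-unset}"
    if [ -n "$cacert" ] && [ -s "$cacert" ]; then usable=1; fi
    if [ -n "$cadir" ]; then
        hashed=$(count_hashed_certs "$cadir")
        echo "TLS_CACERTDIR=$cadir hashed_certs=$hashed"
        if [ "$hashed" -gt 0 ]; then usable=1; fi
    fi
    if [ "$usable" -eq 1 ]; then
        echo "verdict=configured-anchors-present"
    elif [ -n "$cacert$cadir" ]; then
        echo "verdict=configured-anchors-empty"
        echo "note: a chain that still verifies is anchored outside this config"
    else
        echo "verdict=no-ca-options"
    fi
}

# Constructed sample: the thread's setup, a CA directory with nothing in it.
demo=$(mktemp -d) && mkdir "$demo/certs"
printf 'TLS_REQCERT demand\nTLS_CACERTDIR %s\n' "$demo/certs" > "$demo/ldap.conf"
audit_ldap_tls "$demo/ldap.conf"
rm -rf "$demo"
```

A `configured-anchors-empty` verdict next to a search that still succeeds is the combination described above: the CA options are set, but the certificate that anchored the chain did not come from them.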