On Tue, Nov 12, 2013 at 2:34 AM, Jan Synacek jsynacek@redhat.com wrote:
> TLS_REQCERT <level>
> ...
> try    The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, the session is immediately terminated.
>
> Is the manpage wrong or is there any other way I can test the client with no server certificate provided?

While troubleshooting an LDAP issue, I stumbled across an IRC log or mailing list comment (can't remember exactly) which basically said that try == hard and the manpage was inaccurate to say anything else (paraphrased). I have not perused the OpenLDAP server or client code to verify the accuracy of that statement, but the comment (and your results) matches my experience when troubleshooting.

...Todd