Re: [patch] Setting ldap_tls_check_peer has no effect with recent openldap versions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


--On Friday, November 11, 2011 5:00 PM +0100 Mario Domgoergen <mdom@xxxxxx> wrote:


OpenLDAP changed their default setting for LDAP_OPT_X_TLS_REQUIRE_CERT
from 0 to 2 in recent versions (haven't checked when). This breaks the
expected effect of ldap_tls_check_peer. The function lak_connect() in
lak.c only changes the default value of LDAP_OPT_X_TLS_REQUIRE_CERT if
lak->conf->tls_check_peer is not 0. So when i set ldap_tls_check_peer to
"no" (aka 0) in /etc/saslauthd.conf, LDAP_OPT_X_TLS_REQUIRE_CERT keeps
its default value of 2 ("demand"). Attached patch solves this problem
at least on debian lenny and squeeze.

I would suggest you file this via the Cyrus-SASL bugzilla:




Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra ::  the leader in open source messaging and collaboration

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux