[Pkg-openldap-devel] Bug#462588: Bug#462588: Fails to start slapd ldaps:/// on upgrade
Steve Langasek
vorlon at debian.org
Sat Feb 9 02:06:40 UTC 2008
On Fri, Feb 08, 2008 at 05:12:05PM -0800, Steve Langasek wrote:
> Ok, I can reproduce this problem. There are two remaining issues here, that
> I can see:

> - the behavior of "TLS_REQCERT allow" appears to be equivalent to
>   "TLS_REQCERT try" in its handling of wrong certificates

I've looked deeper into this, and find that this is not a regression. The
ldapsearch from OpenLDAP 2.3 linked against OpenSSL would also abort the
connection if given a certificate that didn't match the requested hostname.
If you (or someone else) think this behavior is wrong, please file a
separate bug report; otherwise I defer to the existing upstream behavior.

> - with GnuTLS, subjectAltName values are not being validated properly

And this one is now fixed in subversion.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org