[Pkg-openldap-devel] Bug#225597: How about this bug?
Torsten Landschoff
t.landschoff at gmx.de
Mon Oct 13 19:24:40 UTC 2008
Hi OpenLDAP-Team,
I am going through the left-over bugs of libldap2 (which was removed a while
ago, being superseded by libldap-2.4-2).
I think, this bug should be closed or tagged wontfix.
Rationale:
+ From my impression, LDAP clients are most often used to connect to a single
local server (that's what we use anyway).
+ AFAIK, libldap will not check for certificate revokations, so this could be
a possible security whole.
+ It would pose a performance penalty for every secure connection (possibly
leading to admins turning of TLS).
What do you think?
Greetings, Torsten
More information about the Pkg-openldap-devel
mailing list