[patch] Setting ldap_tls_check_peer has no effect with recent openldap versions

Mario Domgoergen mdom at taz.de
Fri Nov 11 11:00:34 EST 2011


Hello,

OpenLDAP changed their default setting for LDAP_OPT_X_TLS_REQUIRE_CERT
from 0 to 2 in recent versions (haven't checked when). This breaks the
expected effect of ldap_tls_check_peer. The function lak_connect() in
lak.c only changes the default value of LDAP_OPT_X_TLS_REQUIRE_CERT if
lak->conf->tls_check_peer is not 0. So when I set ldap_tls_check_peer to
"no" (aka 0) in /etc/saslauthd.conf, LDAP_OPT_X_TLS_REQUIRE_CERT keeps
its default value of 2 ("demand"). The attached patch solves this problem,
at least on Debian lenny and squeeze.

Cheers, Mario

-- 
  "Buy the taz!"
  Since 1992 the taz has been a cooperative. By now more than 10,000
  members secure the newspaper's independence.
  Info at www.taz.de, geno at taz.de, Tel: 0 30 - 2 59 02 - 213
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix_ldap_tls_check_peer.patch
Type: text/x-diff
Size: 714 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20111111/1ef05b4c/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20111111/1ef05b4c/attachment-0001.bin 
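Added example (not the attached patch and not code from cyrus-sasl or OpenLDAP): a stand-alone C model of the lak_connect() behaviour described in the message, with the "set only if non-zero" logic beside an unconditional mapping of ldap_tls_check_peer onto LDAP_OPT_X_TLS_REQUIRE_CERT. Assumptions: libldap is not linked, so ldap_set_option()'s process-global option store is replaced by a single static int; the LDAP_OPT_X_TLS_* values are the ones from OpenLDAP's ldap.h; the exact value the original code passes when the option is enabled is not shown in the message, so DEMAND is used here. Function names old_lak_connect, fixed_lak_connect and reset_library_default are hypothetical.

```c
/*
 * Model of the ldap_tls_check_peer -> LDAP_OPT_X_TLS_REQUIRE_CERT mapping.
 * Added example, not cyrus-sasl's lak.c. libldap is not linked: the
 * process-global option that ldap_set_option(NULL, ...) writes is replaced
 * by the static int g_require_cert (assumption for a self-contained build).
 */
#include <stdio.h>

/* Values of LDAP_OPT_X_TLS_REQUIRE_CERT as defined in OpenLDAP's ldap.h. */
#define LDAP_OPT_X_TLS_NEVER  0   /* do not verify the server certificate */
#define LDAP_OPT_X_TLS_HARD   1
#define LDAP_OPT_X_TLS_DEMAND 2   /* require a valid server certificate */
#define LDAP_OPT_X_TLS_ALLOW  3
#define LDAP_OPT_X_TLS_TRY    4

/* Stand-in for libldap's global TLS option storage. */
static int g_require_cert;

/* Stand-in for ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &value). */
static void set_require_cert(const int *value)
{
    g_require_cert = *value;
}

/* Simulate the library default that is in force before lak_connect() runs:
 * 0 (NEVER) on older OpenLDAP, 2 (DEMAND) on the recent versions the
 * message describes. */
void reset_library_default(int library_default)
{
    g_require_cert = library_default;
}

/* Old logic as described in the message: the option is only written when
 * tls_check_peer is non-zero, so "no" inherits whatever the library default
 * happens to be. Returns the effective verification mode. */
int old_lak_connect(int tls_check_peer)
{
    if (tls_check_peer != 0) {
        int mode = LDAP_OPT_X_TLS_DEMAND;  /* assumed value for "yes" */
        set_require_cert(&mode);
    }
    return g_require_cert;
}

/* Fixed logic: map the configured value unconditionally, so "no" really
 * yields NEVER and "yes" really yields DEMAND regardless of the default. */
int fixed_lak_connect(int tls_check_peer)
{
    int mode = tls_check_peer ? LDAP_OPT_X_TLS_DEMAND : LDAP_OPT_X_TLS_NEVER;
    set_require_cert(&mode);
    return g_require_cert;
}

int main(void)
{
    /* Recent OpenLDAP default: ldap_tls_check_peer "no" is silently ignored
     * by the old logic and honoured by the fixed one. */
    reset_library_default(LDAP_OPT_X_TLS_DEMAND);
    printf("old,   check_peer=no : mode=%d\n", old_lak_connect(0));
    reset_library_default(LDAP_OPT_X_TLS_DEMAND);
    printf("fixed, check_peer=no : mode=%d\n", fixed_lak_connect(0));
    printf("fixed, check_peer=yes: mode=%d\n", fixed_lak_connect(1));
    return 0;
}
```

Note what the fix does and does not do: it makes the setting honest, not safer. With the old code on a recent OpenLDAP, "no" still verified the server certificate by accident; after the fix, "no" genuinely disables verification and leaves the saslauthd-to-LDAP connection open to a man-in-the-middle presenting any certificate. A practitioner should keep ldap_tls_check_peer: yes and point ldap_tls_cacert_file (or ldap_tls_cacert_dir) at the issuing CA, and only rely on "no" in a throwaway test setup.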

