[patch] Setting ldap_tls_check_peer has no effect with recent openldap versions
Quanah Gibson-Mount
quanah at zimbra.com
Fri Nov 11 13:43:33 EST 2011
--On Friday, November 11, 2011 5:00 PM +0100 Mario Domgoergen <mdom at taz.de>
wrote:
> Hello,
>
> OpenLDAP changed their default setting for LDAP_OPT_X_TLS_REQUIRE_CERT
> from 0 to 2 in recent versions (haven't checked when). This breaks the
> expected effect of ldap_tls_check_peer. The function lak_connect() in
> lak.c only changes the default value of LDAP_OPT_X_TLS_REQUIRE_CERT if
> lak->conf->tls_check_peer is not 0. So when i set ldap_tls_check_peer to
> "no" (aka 0) in /etc/saslauthd.conf, LDAP_OPT_X_TLS_REQUIRE_CERT keeps
> its default value of 2 ("demand"). Attached patch solves this problem
> at least on debian lenny and squeeze.
I would suggest you file this via the Cyrus-SASL bugzilla:
<http://www.cyrusimap.org/mediawiki/index.php/Report_A_Bug>
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
More information about the Cyrus-sasl
mailing list