[Pkg-openldap-devel] Bug#525605: Bug#525605: libldap-2.4-2: setting LDAP_OPT_X_TLS_REQUIRE_CERT is not handled correctly
Quanah Gibson-Mount
quanah at zimbra.com
Sat Apr 25 22:47:02 UTC 2009
--On Saturday, April 25, 2009 11:14 PM +0200 Arthur de Jong
<adejong at debian.org> wrote:
> Subject: libldap-2.4-2: setting LDAP_OPT_X_TLS_REQUIRE_CERT is not
> handled correctly
> Package: libldap-2.4-2
> Version: 2.4.15-1.1
> Severity: important
>
> I've been busy tracking down an LDAP/TLS related bug in my package
> (#521617) and found that the correct certificate checks are not done
> correctly if I only set the LDAP_OPT_X_TLS_REQUIRE_CERT option on a
> connection:
> tls_reqcert=LDAP_OPT_X_TLS_NEVER;
> ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&tls_reqcert);
There have been numerous changes to how libldap uses TLS entirely since
2.4.11, and several fixes specific to GnuTLS as well. I would advise you
use the very latest from CVS HEAD rather than poking at 2.4.11. IIRC,
there is one GnuTLS fix not currently in the RE24 code, which is why I
suggest using HEAD atm. I'll be syncing up RE24 likely in the next week or
so.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration