[Pkg-openldap-devel] Bug#525605: Bug#525605: libldap-2.4-2: setting LDAP_OPT_X_TLS_REQUIRE_CERT is not handled correctly

Quanah Gibson-Mount quanah at zimbra.com
Sat Apr 25 22:47:02 UTC 2009


--On Saturday, April 25, 2009 11:14 PM +0200 Arthur de Jong 
<adejong at debian.org> wrote:

> Subject: libldap-2.4-2: setting LDAP_OPT_X_TLS_REQUIRE_CERT is not
> handled correctly
> Package: libldap-2.4-2
> Version: 2.4.15-1.1
> Severity: important
>
> I've been busy tracking down an LDAP/TLS related bug in my package
> (#521617) and found that the correct certificate checks are not done
> correctly if I only set the LDAP_OPT_X_TLS_REQUIRE_CERT option on a
> connection:
>   tls_reqcert=LDAP_OPT_X_TLS_NEVER;
>   ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&tls_reqcert);


There have been numerous changes to how libldap uses TLS entirely since 
2.4.11, and several fixes specific to GnuTLS as well.  I would advise you 
use the very latest from CVS HEAD rather than poking at 2.4.11.  IIRC, 
there is one GnuTLS fix not currently in the RE24 code, which is why I 
suggest using HEAD atm.  I'll be syncing up RE24 likely in the next week or 
so.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration




