[Pkg-openldap-devel] Bug#525605: Bug#525605: libldap-2.4-2: setting LDAP_OPT_X_TLS_REQUIRE_CERT is not handled correctly

Arthur de Jong adejong at debian.org
Sun Apr 26 10:24:27 UTC 2009


On Sat, 2009-04-25 at 15:47 -0700, Quanah Gibson-Mount wrote:
> There have been numerous changes to how libldap uses TLS entirely
> since 2.4.11, and several fixes specific to GnuTLS as well.  I would
> advise you use the very latest from CVS HEAD rather than poking at
> 2.4.11.  IIRC, there is one GnuTLS fix not currently in the RE24 code,
> which is why I suggest using HEAD atm.  I'll be syncing up RE24 likely
> in the next week or so.

I can probably test with CVS HEAD at some point. I would like to point
out though that this problem is in 2.4.15-1.1 and I just happened to have
2.4.11 source code lying around so I used grep on that a couple of
times.

I will probably test with 2.4.16 once it's out but I'm going to work
around this bug anyway so I won't notice it in normal use any more (I'm
going to set all options globally once anyway).

Btw, is there any reliable way to get more error conditions about what
went wrong with SSL/TLS? I've been digging (in 2.4.11 again) and the
only thing I could come up with is setting the debug level, registering a
handler to read the log messages and parsing the output. I don't want to
implement that but is there a better way?

Thanks.

-- 
-- arthur - adejong at debian.org - http://people.debian.org/~adejong --