[Pkg-openldap-devel] Bug#513270: doesn't support TLS_CACERTDIR (document)
Peter Palfrader
weasel at debian.org
Tue Jan 27 18:59:18 UTC 2009
Package: libldap-2.4-2
Version: 2.4.11-1
Severity: important
It appears ldap in lenny no longer supports TLS_CACERTDIR.
An effect of linking to gnutls now.
It would be nice if that could get fixed, but for a start could
we *please* document the fact more prominently in ldap.conf(5)?
--- ldap.conf.5 2009-01-27 19:55:54.943702494 +0100
+++ ldap.conf.5.new 2009-01-27 19:58:08.400701684 +0100
@@ -278,7 +278,7 @@
.B TLS_CACERT
is always used before
.B TLS_CACERTDIR.
-This parameter is ignored with GNUtls.
+.B This parameter is ignored with GNUtls. On Debian openldap is linked against GNUtls.
.TP
.B TLS_CERT <filename>
Specifies the file that contains the client certificate.
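Review bot: "This parameter" on the added `.B` line is ambiguous, because the sentence just before it names both TLS_CACERT and TLS_CACERTDIR. Since the goal is to make the limitation hard to miss, name the option in the bold text itself, for example "TLS_CACERTDIR is ignored with GNUtls.", so a reader skimming the bold text does not have to infer which of the two CA settings is silently dropped. The added sentence also writes "openldap" in lower case; "OpenLDAP" would be the better spelling.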
@@ -301,7 +301,7 @@
Specifies the file to obtain random bits from when /dev/[u]random is
not available. Generally set to the name of the EGD/PRNGD socket.
The environment variable RANDFILE can also be used to specify the filename.
-This parameter is ignored with GNUtls.
+.B This parameter is ignored with GNUtls. On Debian openldap is linked against GNUtls.
.TP
.B TLS_REQCERT <level>
Specifies what checks to perform on server certificates in a TLS session,
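Review bot: the added line repeats verbatim the sentence "On Debian openldap is linked against GNUtls." that the other two hunks also add, and that sentence is distribution-specific text inside a general man page. Consider stating the Debian linkage once in a single prominent place and keeping the per-option line to the short "ignored with GNUtls" notice. In this hunk it would also help to say whether the RANDFILE environment variable mentioned on the preceding line is ignored too, since "This parameter" does not make that clear.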
@@ -334,7 +334,8 @@
used to verify if the server certificates have not been revoked. This
requires
.B TLS_CACERTDIR
-parameter to be set. This parameter is ignored with GNUtls.
+parameter to be set.
+.B This parameter is ignored with GNUtls. On Debian openldap is linked against GNUtls.
.B <level>
can be specified as one of the following keywords:
.RS
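Review bot: on the new `.B` line, "This parameter" now directly follows "requires TLS_CACERTDIR parameter to be set", so it can be read as referring to TLS_CACERTDIR rather than to the revocation-check option this entry documents. Name the option explicitly and spell out the consequence visible from the context lines: a configured revocation check is not performed at all under GNUtls. The bold sentence is also immediately followed by `.B <level>`, so the rendered bold text runs straight into "<level> can be specified as"; a line break between the two, or moving the notice after the keyword list, would keep them apart.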
Thanks