
enterprise-support team mailing list archive

[Bug 1547927] [NEW] LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS

 

Public bug reported:

Tested with vivid and wily...
Also logged with OpenLDAP as http://www.openldap.org/its/index.cgi/Incoming?id=8374


The handling of the LDAP_OPT_X_TLS_REQUIRE_CERT option appears to be different
between servers accessed via ldaps:// and ldap:// (plus STARTTLS) URIs.

When accessing a server with a self-signed certificate, the results are:


ldaps://

never    OK
hard     Error: can't contact LDAP server
demand   Error: can't contact LDAP server
allow    OK
try      Error: can't contact LDAP server


ldap:// plus explicit ldap_start_tls_s()

never    OK
hard     OK
demand   OK
allow    OK
try      OK

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1547927

Title:
  LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and
  STARTTLS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1547927/+subscriptions
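
A command-line check for the behaviour reported above, added here as an example and not part of the bug report or of OpenLDAP: it probes each TLS_REQCERT level over both transports with ldapsearch and flags any verifying level (try, demand, hard) that connects anyway. It assumes the OpenLDAP client tools are installed, that the host given on the command line presents a certificate the client does not trust, and that the server allows an anonymous root DSE read; `probe` and `audit` are names chosen for this example, and LDAPTLS_REQCERT is the environment form of the ldap.conf TLS_REQCERT setting.

```shell
#!/bin/sh
# Added example (not from the bug report). Assumes HOST presents a certificate
# the client does not trust, e.g. self-signed, and allows an anonymous root
# DSE read. ldap.conf(5): try, demand and hard must reject a bad certificate.

LEVELS="never hard demand allow try"

# probe LEVEL MODE HOST -> prints OK or ERROR
#   MODE=ldaps     TLS from the first byte, ldaps://HOST
#   MODE=starttls  ldap://HOST, then StartTLS which must succeed (-ZZ)
probe() {
    level=$1 mode=$2 host=$3
    if [ "$mode" = ldaps ]; then
        set -- -H "ldaps://$host"
    else
        set -- -H "ldap://$host" -ZZ
    fi
    # LDAPTLS_REQCERT overrides TLS_REQCERT from ldap.conf for this one call.
    if LDAPTLS_REQCERT=$level ldapsearch -x -LLL -o nettimeout=5 "$@" \
           -b "" -s base '(objectClass=*)' 1.1 >/dev/null 2>&1; then
        echo OK
    else
        echo ERROR
    fi
}

# audit HOST -> one line per mode/level; returns 1 if a verifying level
# connected anyway, i.e. the certificate check was not enforced.
audit() {
    host=$1 rc=0
    for mode in ldaps starttls; do
        for level in $LEVELS; do
            result=$(probe "$level" "$mode" "$host")
            verdict=expected
            case "$level:$result" in
                try:OK|demand:OK|hard:OK) verdict=FAIL-OPEN; rc=1 ;;
                never:ERROR|allow:ERROR)  verdict=unexpected-error ;;
            esac
            printf '%-9s %-7s %-6s %s\n' "$mode" "$level" "$result" "$verdict"
        done
    done
    return "$rc"
}

# Usage: sh reqcert-audit.sh ldap.example.test   (hostname is a placeholder)
if [ $# -gt 0 ]; then
    audit "$1"
fi
```

The environment variable sets the library-wide default, so a result here may differ from a program that sets LDAP_OPT_X_TLS_REQUIRE_CERT itself through ldap_set_option().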

