[exim-dev] [Bug 1382] ldap_require_cert has no effect

Author: Todd Lyons
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1382] ldap_require_cert has no effect
http://bugs.exim.org/show_bug.cgi?id=1382




--- Comment #8 from Todd Lyons <tlyons@???> 2013-09-10 19:44:49 ---
Based on the comments in:
http://www.openldap.org/lists/openldap-software/200706/msg00164.html

"The LDAP_OPT_X_TLS_REQUIRE_CERT option can only be set globally and not for
particular LDAP handles. So, you need to invoke ldap_set_option() with a NULL
first argument"

Applying this small change fixes the issue for the bug poster:

<cannonball> Ok, let's test #2 first. change this line:
<cannonball> ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_option);
<cannonball> to
<cannonball> ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_option);
<alxgomz> VICTORY!!! :)
<alxgomz> first setting the option to a NULL handle fixes the issue
<alxgomz> my network dump shows a nice and complete TLS traffic :)
<cannonball> Good job finding that (obscure) openldap post which said exactly
what the error was.

It is unknown if this change needs to be wrapped with #ifdef only for OpenLDAP.
Phil, do you know if other ldap servers behave the same?


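An added example, not part of this thread or of the Exim source: a small Python check that scans C source for the call pattern discussed in the comment above and reports every `ldap_set_option()` call that passes a connection handle, rather than NULL, together with LDAP_OPT_X_TLS_REQUIRE_CERT. The function name `find_per_handle_require_cert` and the sample C source are constructed for illustration.

```python
import re

# ldap_set_option(<handle>, LDAP_OPT_X_TLS_REQUIRE_CERT, ...), tolerating
# whitespace and line breaks between the tokens.
CALL_RE = re.compile(
    r"ldap_set_option\s*\(\s*([^,]+?)\s*,\s*LDAP_OPT_X_TLS_REQUIRE_CERT\b")
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
CAST_RE = re.compile(r"^\(\s*LDAP\s*\*\s*\)\s*")   # e.g. (LDAP *)NULL

# Constructed sample input: the "before" and "after" calls quoted in the
# thread, plus a commented-out call and a call wrapped over two lines.
SAMPLE = '''\
static int cert_option = LDAP_OPT_X_TLS_DEMAND;

void before_fix(LDAP *ld) {
    /* ldap_set_option(old, LDAP_OPT_X_TLS_REQUIRE_CERT, &x); */
    ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_option);
}

void after_fix(void) {
    ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_option);
}

void wrapped(LDAP *conn) {
    ldap_set_option(conn,
                    LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_option);
    ldap_set_option(conn, LDAP_OPT_PROTOCOL_VERSION, &version);
}
'''

def find_per_handle_require_cert(source):
    """Return [(line, handle)] for calls that set the option on a handle."""
    # Blank out comments but keep newlines so line numbers stay correct.
    # String literals are not parsed; this is a review aid, not a C parser.
    code = COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    findings = []
    for m in CALL_RE.finditer(code):
        handle = CAST_RE.sub("", m.group(1)).strip()
        if handle not in ("NULL", "0"):        # NULL handle = global option
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, handle))
    return findings

if __name__ == "__main__":
    for line, handle in find_per_handle_require_cert(SAMPLE):
        print(f"line {line}: LDAP_OPT_X_TLS_REQUIRE_CERT set on handle "
              f"'{handle}'; the quoted OpenLDAP post says to pass NULL")
```
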