[exim-dev] [Bug 1382] ldap_require_cert has no effect

Author: Todd Lyons
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1382] ldap_require_cert has no effect

http://bugs.exim.org/show_bug.cgi?id=1382




--- Comment #10 from Todd Lyons <tlyons@???> 2013-09-10 19:58:35 ---
I've assembled a more specific description of the issues involving this option
and the ways in which it is not working:

1) The ldap_require_cert doesn't override the URI TLS setting. Commenting out
the tls_option somewhat nullifies that.
2) The LDAP_OPT_X_TLS_REQUIRE_CERT setting is a global setting, so it should be
using NULL instead of an ldap handle.
3) The start_tls function has a rebinding issue which you have not yet seen
because you haven't gotten it to work right in the first place.

#1 should be addressed by the patch in my gist (previous comment)
#2 is fixed by using NULL for the ldap handle in the ldap_set_options() for the
setting that controls 'certificate required'.
#3 appears to be fixed by the patch in bug 1375. This bug poster has not used
his system in a way yet which will tickle this bug.

Just wanted to clarify all the different issues that these various patches and
tests are actually addressing.

