diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2010-08-18 14:14:17 -0600 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2010-08-31 13:35:54 -0600 |
| commit | c5640a92c4f19b4db1159a5d4335e614eee1e3eb (patch) | |
| tree | b7ac53d576a484168e828be049312264a889b7fc | |
| parent | 59ae6fe07d5edc58a5b07ce5bd961b9714157089 (diff) | |
| download | ds-c5640a92c4f19b4db1159a5d4335e614eee1e3eb.tar.gz ds-c5640a92c4f19b4db1159a5d4335e614eee1e3eb.tar.xz ds-c5640a92c4f19b4db1159a5d4335e614eee1e3eb.zip | |
have to use LDAP_OPT_X_TLS_NEVER to defeat cert hostname checking
Even though the ldap.conf man page is not really clear about this,
looking at the code in libraries/libldap/tls2.c:ldap_int_tls_start()
if you don't specify LDAP_OPT_X_TLS_REQUIRE_CERT as
LDAP_OPT_X_TLS_NEVER it will check the hostname
| -rw-r--r-- | ldap/servers/slapd/ldaputil.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c index 837f23eb..8b8cf94c 100644 --- a/ldap/servers/slapd/ldaputil.c +++ b/ldap/servers/slapd/ldaputil.c @@ -579,7 +579,7 @@ slapi_ldap_init_ext( } else { /* verify certificate only */ #if defined(USE_OPENLDAP) - ssl_strength = LDAP_OPT_X_TLS_ALLOW; + ssl_strength = LDAP_OPT_X_TLS_NEVER; #else /* !USE_OPENLDAP */ ssl_strength = LDAPSSL_AUTH_CERT; #endif /* !USE_OPENLDAP */ |