Commit 71aac348 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#5360

parent 35eeac3c
......@@ -27,6 +27,7 @@ OpenLDAP 2.4.8 Engineering
Fixed slapd cn=config global acls (ITS#5352)
Fixed slapd truncated cookie (ITS#5362)
Fixed slapd str2entry with no attrs (ITS#5308)
Fixed slapd TLSVerifyClient default (ITS#5360)
Fixed slapd-bdb crash with modrdn (ITS#5358)
Fixed slapd-bdb segv with bdb4.6 (ITS#5322)
Fixed slapd-bdb modrdn to same dn (ITS#5319)
......
......@@ -179,16 +179,6 @@ slap_init( int mode, const char *name )
return 1;
}
#ifdef HAVE_TLS
/* Library defaults to full certificate checking. This is correct when
* a client is verifying a server because all servers should have a
* valid cert. But few clients have valid certs, so we want our default
* to be no checking. The config file can override this as usual.
*/
rc = 0;
(void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
#endif
if ( frontend_init() ) {
slap_debug |= LDAP_DEBUG_NONE;
Debug( LDAP_DEBUG_ANY,
......
......@@ -736,6 +736,13 @@ unhandled_option:;
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
goto destroy;
}
/* Library defaults to full certificate checking. This is correct when
* a client is verifying a server because all servers should have a
* valid cert. But few clients have valid certs, so we want our default
* to be no checking. The config file can override this as usual.
*/
rc = LDAP_OPT_X_TLS_NEVER;
(void) ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
#endif
rc = slap_init( serverMode, serverName );
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment