Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
orbea -
OpenLDAP
Commits
9282e6ed
Commit
9282e6ed
authored
May 14, 2020
by
Ryan Tandy
Browse files
ITS
#8155
Support cacertdir with GnuTLS
parent
fc8a7b25
Changes
6
Hide whitespace changes
Inline
Side-by-side
configure.in
View file @
9282e6ed
...
...
@@ -1206,10 +1206,10 @@ if test $ol_link_tls = no ; then
if test $ac_cv_header_gnutls_gnutls_h = yes ; then
AC_PREPROC_IFELSE([AC_LANG_SOURCE(
[[#include <gnutls/gnutls.h>]
[#if GNUTLS_VERSION_NUMBER < 0x030
202
]
[#error "GnuTLS
3.2.2 or newer require
d"]
[#if GNUTLS_VERSION_NUMBER < 0x030
306
]
[#error "GnuTLS
is too ol
d"]
[#endif]])],
, [AC_MSG_FAILURE([GnuTLS
is too ol
d])])
, [AC_MSG_FAILURE([GnuTLS
3.3.6 or newer require
d])])
AC_CHECK_LIB(gnutls, gnutls_init,
[have_gnutls=yes], [have_gnutls=no])
...
...
doc/guide/admin/appendix-recommended-versions.sdf
View file @
9282e6ed
...
...
@@ -16,7 +16,7 @@ H2: Dependency Versions
Feature|Software|Version
{{TERM[expand]TLS}}:
|{{PRD:OpenSSL}}|0.9.7+
|{{PRD:GnuTLS}}|
2.12.0
|{{PRD:GnuTLS}}|
3.3.6+
{{TERM[expand]SASL}}|{{PRD:Cyrus SASL}}|2.1.21+
{{TERM[expand]Kerberos}}:
|{{PRD:Heimdal}}|Version
...
...
doc/man/man5/ldap.conf.5
View file @
9282e6ed
...
...
@@ -322,7 +322,6 @@ certificates in separate individual files. The
.B TLS_CACERT
is always used before
.B TLS_CACERTDIR.
This parameter is ignored with GnuTLS.
.TP
.B TLS_CERT <filename>
Specifies the file that contains the client certificate.
...
...
doc/man/man5/slapd-config.5
View file @
9282e6ed
...
...
@@ -877,8 +877,7 @@ will recognize.
Specifies the path of a directory that contains Certificate Authority
certificates in separate individual files. Usually only one of this
or the olcTLSCACertificateFile is defined. If both are specified, both
locations will be used. This directive is not supported
when using GnuTLS.
locations will be used.
.TP
.B olcTLSCertificateFile: <filename>
Specifies the file that contains the
...
...
doc/man/man5/slapd.conf.5
View file @
9282e6ed
...
...
@@ -1111,8 +1111,7 @@ appended to the file; the order is not significant.
.B TLSCACertificatePath <path>
Specifies the path of a directory that contains Certificate Authority
certificates in separate individual files. Usually only one of this
or the TLSCACertificateFile is used. This directive is not supported
when using GnuTLS.
or the TLSCACertificateFile is used.
.TP
.B TLSCertificateFile <filename>
Specifies the file that contains the
...
...
libraries/libldap/tls_g.c
View file @
9282e6ed
...
...
@@ -195,8 +195,20 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
}
if
(
lo
->
ldo_tls_cacertdir
!=
NULL
)
{
Debug0
(
LDAP_DEBUG_ANY
,
"TLS: warning: cacertdir not implemented for gnutls
\n
"
);
rc
=
gnutls_certificate_set_x509_trust_dir
(
ctx
->
cred
,
lt
->
lt_cacertdir
,
GNUTLS_X509_FMT_PEM
);
if
(
rc
>
0
)
{
Debug2
(
LDAP_DEBUG_TRACE
,
"TLS: loaded %d CA certificates from directory `%s'.
\n
"
,
rc
,
lt
->
lt_cacertdir
);
}
else
{
Debug1
(
LDAP_DEBUG_ANY
,
"TLS: warning: no certificate found in CA certificate directory `%s'.
\n
"
,
lt
->
lt_cacertdir
);
/* only warn, no return */
}
}
if
(
lo
->
ldo_tls_cacertfile
!=
NULL
)
{
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment