Hi OpenLDAP-Team, I am going through the left-over bugs of libldap2 (which was removed a while ago, being superseded by libldap-2.4-2).
I think, this bug should be closed or tagged wontfix. Rationale: + From my impression, LDAP clients are most often used to connect to a single local server (that's what we use anyway). + AFAIK, libldap will not check for certificate revokations, so this could be a possible security whole. + It would pose a performance penalty for every secure connection (possibly leading to admins turning of TLS). What do you think? Greetings, Torsten -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
