[EMAIL PROTECTED] wrote:
> Full_Name: Arnaud Ebalard
> Version: 2.4.10
> OS: Linux (Debian unstable)
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (213.215.50.138)
>
>
> Hi,
>
> When openldap is linked with gnutls for TLS support, a file containing
> CRLs in PEM format can be provided (in slapd.conf, using the TLSCRLFile
> parameter).
>
> The following code in ldap_int_tls_init_ctx() (libraries/libldap/tls.c)
> prevents the daemon from starting when the option is used:
>
> if ( lo->ldo_tls_crlfile ) {
> rc = gnutls_certificate_set_x509_crl_file(
> ((tls_ctx*) lo->ldo_tls_ctx)->cred,
> crlfile,
> GNUTLS_X509_FMT_PEM );
> if ( rc < 0 ) goto error_exit;
> }
>
> because gnutls_certificate_set_x509_crl_file() returns the number of CRL
> files that have been imported, which is stored in rc and returned later
> in the function. The caller expects 0; otherwise it reports an error with the
> value of rc (below, with 3 CRLs in the file) and slapd fails to start:
>
> .... main TLS init def ctx failed: 3
Thanks, fixed in HEAD.

--
Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
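The return-value mismatch described in the report, as an added example that is not part of the original thread and not OpenLDAP's own tls.c. The stand-in mock_set_x509_crl_file() is hypothetical and constructed here: it follows the gnutls convention of returning the number of CRLs imported on success and a negative value on error, but reads an in-memory PEM buffer so nothing has to link against gnutls. init_ctx_as_reported() mirrors the quoted check and lets the count leak out as the init function's result; init_ctx_corrected() treats only a negative value as failure and resets rc to 0 before continuing (one way to handle it; the actual HEAD change is not quoted on this page). The three-CRL buffer and the truncated one are constructed inputs whose base64 bodies are placeholders, not real CRLs.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for gnutls_certificate_set_x509_crl_file() (hypothetical, not
 * the gnutls API): same return convention as the real call, i.e. the number
 * of CRLs imported on success or a negative error code, but it parses an
 * in-memory PEM buffer instead of a file so the example runs offline. */
#define CRL_PEM_BEGIN "-----BEGIN X509 CRL-----"
#define CRL_PEM_END   "-----END X509 CRL-----"
#define MOCK_E_PARSE  (-1)   /* constructed error code */

static int mock_set_x509_crl_file(const char *pem)
{
    int count = 0;
    const char *p = pem;

    for (;;) {
        const char *b = strstr(p, CRL_PEM_BEGIN);
        if (b == NULL)
            break;                      /* no more CRL blocks */
        const char *e = strstr(b, CRL_PEM_END);
        if (e == NULL)
            return MOCK_E_PARSE;        /* unterminated block: parse error */
        count++;
        p = e + strlen(CRL_PEM_END);
    }
    return count;                       /* success: how many CRLs were loaded */
}

/* Mirrors the check quoted in the report: rc keeps the import count and is
 * handed back as the init function's result, so a file holding three CRLs
 * makes the caller see "failed: 3" although nothing went wrong. */
static int init_ctx_as_reported(const char *crlfile_pem)
{
    int rc = 0;

    if (crlfile_pem != NULL) {
        rc = mock_set_x509_crl_file(crlfile_pem);
        if (rc < 0)
            goto error_exit;
    }
    /* ... remaining context setup would follow here ... */
    return rc;

error_exit:
    return rc;
}

/* Corrected check: a negative return is the only failure case; any
 * non-negative count means success, so rc is normalised to 0 afterwards
 * and cannot be mistaken for an error code by the caller. */
static int init_ctx_corrected(const char *crlfile_pem)
{
    int rc = 0;

    if (crlfile_pem != NULL) {
        rc = mock_set_x509_crl_file(crlfile_pem);
        if (rc < 0)
            goto error_exit;
        rc = 0;                         /* count is informational, not an error */
    }
    return rc;

error_exit:
    return rc;
}

/* Constructed sample inputs; the base64 bodies are placeholders. */
static const char THREE_CRLS_PEM[] =
    "-----BEGIN X509 CRL-----\nMIIBplaceholder1\n-----END X509 CRL-----\n"
    "-----BEGIN X509 CRL-----\nMIIBplaceholder2\n-----END X509 CRL-----\n"
    "-----BEGIN X509 CRL-----\nMIIBplaceholder3\n-----END X509 CRL-----\n";

static const char TRUNCATED_PEM[] =
    "-----BEGIN X509 CRL-----\nMIIBplaceholder1\n";

int main(void)
{
    printf("as reported (3 CRLs): %d\n", init_ctx_as_reported(THREE_CRLS_PEM));
    printf("corrected   (3 CRLs): %d\n", init_ctx_corrected(THREE_CRLS_PEM));
    printf("corrected   (truncated): %d\n", init_ctx_corrected(TRUNCATED_PEM));
    return 0;
}
```

The general point is worth checking wherever a library call returns a count or handle on success: a caller that later reuses the same variable as its own status code turns every successful non-zero return into a spurious failure, and the symptom (an error value that happens to equal the number of objects loaded) is exactly what the report shows.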
