[email protected] wrote:
> Full_Name: Andreas Schulze
> Version: RE24 testing call (2.4.45)
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/andreas-schulze-20170211.patch
> Submission from: (NULL) (2001:a60:f0b4:e502:80b6:610b:8fc2:abfe)
>
> as discussed on the technical ML it's uncommon to put chain certificates in
> TLSCACertificateFile or TLSCACertificatePath.

It is explicitly documented. http://www.openldap.org/doc/admin24/tls.html
Section 16.2.1.1. You may argue that it is uncommon for people to read the
docs but that doesn't constitute a software bug.

> In case of an intermediate CA like
> "Let's Encrypt Authority X3" it may be wrong because the user is forced to
> /TRUST/ that intermediate for an unrelated purpose.

That doesn't follow. The file used by slapd is only used to authenticate LDAP
clients.

There is no bug here, this ITS is invalid.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
