--On May 7, 2014 at 4:14:36 PM -0400 "Andrew D. Arenson" <[email protected]> wrote:

> On Tue, May 06, 2014 at 09:45:17PM -0700, Quanah Gibson-Mount wrote:
>> --On May 6, 2014 at 11:26:47 AM -0400 "Andrew D. Arenson"
>> <[email protected]> wrote:
>>> I am trying to understand how an LDAP server's certificate is
>>> being verified in the absence of the appropriate CA certificates. I
>>> have openldap 2.4.23-34 installed.
>>
>> So I'm guessing you are using RHEL's utterly broken packages for
>> OpenLDAP. I would advise you to get a real, functioning OpenLDAP
>> build, or build OpenLDAP yourself. You can obtain functional builds
>> from Symas or the LTB project.
>
> It is, indeed, RHEL. Have you got a pointer to info about how
> they are broken?

They link to a non-standard SSL implementation they linked in themselves,
for one, that has serious issues (you can search on that if you like).

They ship 2.4.23, which is *years* out of date and has had many bugs
fixed since then (see the change log on the OpenLDAP website).

It should never be used for a production installation.

--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration