On Thu, Nov 13, 2014 at 06:04:18PM +0100, Quanah Gibson-Mount via RT wrote:

> Like it or not, s_client is generally the de facto tool for testing 
> starttls via the openssl command line.
> 
> In addition, the work to add support for startTLS and ldap is rather 
> trivial, and has already been done:
> 
> <https://groups.google.com/forum/#!topic/mailing.openssl.users/1OOwXp45iIw>
> 
> It would be invaluable to have this support in OpenSSL to admins around the 
> world.  This subject comes up repeatedly because people expect it to work.

It is possible to script this with Perl and Net::SSLeay.  The
s_client command will not, once connected, "speak" LDAP, not even
to the extent of being able to SASL authenticate or report which
mechanisms are available.

Personally, I would prefer to see support for reporting TLS features
of LDAP servers as a verbosity feature in ldapsearch or similar.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org