Bug#823232: [Pkg-openldap-devel] Bug#823232: libldap-2.4-2: Cannot connect to LDAP server with invalid (self-signed or non-standard CA signed) certificate

2016-05-15 Thread aki . tuomi
> On May 15, 2016 at 6:13 AM Ryan Tandy wrote:
>
> On Mon, May 02, 2016 at 05:44:58PM +0300, Aki Tuomi wrote:
> >2. Try connect with openldap -Z -H ldap://server ...
> >
> >Expected behaviour
> >Invalid cert ignored, and TLS continues
>
> I failed to read this closely enough

Bug#823232: [Pkg-openldap-devel] Bug#823232: libldap-2.4-2: Cannot connect to LDAP server with invalid (self-signed or non-standard CA signed) certificate

2016-05-14 Thread Ryan Tandy
On Mon, May 02, 2016 at 05:44:58PM +0300, Aki Tuomi wrote:
> 2. Try connect with openldap -Z -H ldap://server ...
>
> Expected behaviour
> Invalid cert ignored, and TLS continues
I failed to read this closely enough the first time. This is actually not the intended behaviour, though: the meaning of

Bug#823232: [Pkg-openldap-devel] Bug#823232: libldap-2.4-2: Cannot connect to LDAP server with invalid (self-signed or non-standard CA signed) certificate

2016-05-14 Thread Ryan Tandy
Control: tag -1 confirmed upstream
Control: retitle -1 libldap-2.4-2: default TLS context setup ignores options set on connection
Hello, Sorry for the delayed response.
On Mon, May 02, 2016 at 05:44:58PM +0300, Aki Tuomi wrote:
> Most simple use case:
> 1. Install slapd with non-default CA signed

Bug#823232: libldap-2.4-2: Cannot connect to LDAP server with invalid (self-signed or non-standard CA signed) certificate

2016-05-02 Thread Aki Tuomi
Package: libldap-2.4-2
Version: 2.4.40+dfsg-1+deb8u2
Severity: important
Dear Maintainer, The behaviour of OpenLDAP CLI and library appears to be broken. There seems to be no way to allow invalid certificates (despite OpenLDAP library claiming that it should be possible). Most simple use case: