[Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS

2019-07-10 Thread dog via ubuntu-bugs
Thanks for all the debug effort! I've gone back and double-checked the code that was causing the failure, and at some point during the testing it had been changed so that the return from ldap_start_tls_s wasn't being checked (as it always returned true), and instead a check was being made against

[Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS

2019-07-08 Thread dog via ubuntu-bugs
I think it falls into the gaps between the various packaging approaches and distributions. From the discussions with the OpenLDAP chaps, they were pretty confident that they couldn't replicate the issue with the package built against OpenSSL, plus there was some talk of issue being related to a

[Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS

2019-07-05 Thread dog via ubuntu-bugs
https://cwe.mitre.org/data/definitions/295.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835181 Title: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap://

[Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS

2019-07-05 Thread dog via ubuntu-bugs
And just to add a real world example. If you use one of the dependent packages (apache, exim, squid, samba, php, postgres etc.) and use LDAP for your auth, then the SSL is worthless and anyone with access to the network can intercept and recover the credentials in the request/response.

[Bug 1835181] Re: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS

2019-07-05 Thread dog via ubuntu-bugs
De nada: my pleasure. Just to make sure that the issue is clear though, it's worth spelling it out. The core of the issue is that in its present form (and going back multiple distributions) the default configuration for connections using SSL via STARTTLS (which is the norm) does not check the

RE: [Bug 1547927] Re: LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS

2018-06-28 Thread dog via ubuntu-bugs
I don't think they have: my ticket is still open with them too. :( -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1547927 Title: LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and

RE: [Bug 1547927] Re: LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS

2018-06-27 Thread dog via ubuntu-bugs
I can check again, but the last time I looked this was still broken ...