I created a PPA with patched openldap packages for wily and xenial. If
you would like to test them, there is more information in bug 1557248.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1547927

Title:
  LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and
  STARTTLS

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Tested with vivid and wily...
  also logged with openldap as 
http://www.openldap.org/its/index.cgi/Incoming?id=8374

  
  The handling of the LDAP_OPT_X_TLS_REQUIRE_CERT option appears to be different
  between servers accessed via ldaps:// and ldap:// (plus STARTTLS) URIs.

  When accessing server with a self-signed certificate, the results are:

  
  ldaps://

  never    OK
  hard     Error: can't contact LDAP server
  demand   Error: can't contact LDAP server
  allow    OK
  try      Error: can't contact LDAP server

  
  ldap:// plus explicit ldap_start_tls_s()

  never    OK
  hard     OK
  demand   OK
  allow    OK
  try      OK

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1547927/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to