upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-27 18:19:52 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Set tls_opt_require_cert to default to NEVER. libldap defaults to DEMAND

Browse source 
due to client needs, we change it back here.
This commit is contained in:
Howard Chu 2002-05-04 00:07:12 +00:00
parent 0390a171b9
commit 846a5832bb
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
servers/slapd/main.c
View file

@ -381,6 +381,16 @@ int main( int argc, char **argv )
goto destroy;
}
#ifdef HAVE_TLS
/* Library defaults to full certificate checking. This is correct when
* a client is verifying a server because all servers should have a
* valid cert. But few clients have valid certs, so we want our default
* to be no checking. The config file can override this as usual.
*/
rc = 0;
(void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
#endif
if ( read_config( configfile ) != 0 ) {
rc = 1;
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 19 );