Quanah Gibson-Mount wrote: > Here's where I've ended up with for ITS#8286. Only 2 real remaining > questions if this looks good (olcTLSCertificateKey and olcTLSVerifyClient). > Commit is > currently > <https://github.com/quanah/openldap-scratch/commit/efef34db2f36e00a44c3f2dee3851a6faf65a399>
TLSCertificateKey is correct. > > ---------------- servers/slapd/bconfig.c ----------------------- > olcTLSCertificateKey -- ??? (Private SYNTAX OID) Shouldn't the SYNTAX be > 1.3.6.1.4.1.1466.115.121.1.8? And use certificateExactMatch? No, a key is not a certificate. Keys are stored in PKCS#8 encoding. > olcTLSCertificateKeyFile -- case exact match > olcTLSCipherSuite -- case exact match > olcTLSCRLCheck -- case exact match > olcTLSCRLFile -- case exact match > olcTLSRandFile -- case exact match > olcTLSVerifyClient -- case exact match (Shouldn't this be an enum, like > olcMemberOfDangling ?) It already uses a verbmasks struct, same as olcMemberOfDangling. > > --Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
