--On Sunday, July 21, 2019 11:16 PM +0100 Howard Chu <h...@symas.com> wrote:
I take this back. Pretty sure we've had this debate before, haven't found
it in the list archive.
We explicitly create a fresh TLS context in slapd, to eliminate any
ldap.conf initialization defaults.
Ok, so it's GnuTLS that had broken behavior and it was fixed by ITS#8427.
You also noted in IRC that you found the related ITS:
<https://www.openldap.org/its/index.cgi/?findid=3109>
So GnuTLS actually introduced a regression in behavior.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
