Graham Leggett wrote:
> On 19 Dec 2023, at 12:45, Graham Leggett <minf...@sharp.fm> wrote:
>
>> A search in the openldap source shows we don’t yet support the OpenSSL3
>> provider OSSL_STORE_open() call, which takes a URL as a parameter.
>>
>> I’m happy to patch the openldap client to support this, would it make sense
>> to add a LDAP_OPT_X_TLS_URL option to ldap_option_set()?
>
> Patch available here:
>
> https://bugs.openldap.org/show_bug.cgi?id=10149

Looks a bit like a chicken'n'egg situation, why should anyone trust the
connection that was used to retrieve certs and keys from the designated URI?

> This allows replication in 389ds to be fixed, with the patch available here
> for anyone interested:
>
> https://github.com/389ds/389-ds-base/pull/6021
>
> Regards,
> Graham
> —

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
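One defensive check that follows from the concern raised above, as an added example that is not OpenLDAP's code, the proposed patch, or anything from the thread: before a URL configured through an option such as the proposed LDAP_OPT_X_TLS_URL is handed to OSSL_STORE_open(), restrict it to URI schemes that resolve locally, so the certificates and keys never arrive over a network connection that those same credentials are supposed to protect. The allow-list (file and pkcs11), the function names and the treatment of scheme-less strings as plain file paths are assumptions; which schemes count as local is a deployment decision, not something the thread settles.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy: schemes whose contents come from local storage. "file" is
 * handled natively by OSSL_STORE; "pkcs11" assumes a provider-backed loader.
 * Anything that would fetch over the network (http, https, ldap, ...) is
 * deliberately absent. */
static const char *const allowed_schemes[] = { "file", "pkcs11" };

/* Extract the RFC 3986 scheme (ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ))
 * that precedes the first ':'. Writes it lower-cased into out and returns its
 * length, or 0 when url carries no syntactically valid scheme. */
static size_t uri_scheme(const char *url, char *out, size_t outlen)
{
    size_t i;

    if (url == NULL || !isalpha((unsigned char)url[0]))
        return 0;
    for (i = 0; url[i] != '\0' && url[i] != ':'; i++) {
        unsigned char c = (unsigned char)url[i];

        if (!(isalnum(c) || c == '+' || c == '-' || c == '.'))
            return 0;
        if (i + 1 >= outlen)          /* scheme longer than our buffer */
            return 0;
        out[i] = (char)tolower(c);
    }
    if (url[i] != ':')                /* ran off the end: no scheme at all */
        return 0;
    out[i] = '\0';
    return i;
}

/* Returns 1 if url may be passed on to OSSL_STORE_open(), 0 otherwise.
 * A string without any ':' is accepted as a bare local file path (OSSL_STORE
 * treats scheme-less input as a file path). A string that contains ':' but no
 * valid scheme is rejected rather than guessed at; that is conservative, and
 * also refuses the occasional local path that happens to contain a colon. */
int tls_url_allowed(const char *url)
{
    char scheme[32];
    size_t n, k;

    if (url == NULL || url[0] == '\0')
        return 0;
    n = uri_scheme(url, scheme, sizeof scheme);
    if (n == 0)
        return strchr(url, ':') == NULL;
    for (k = 0; k < sizeof allowed_schemes / sizeof allowed_schemes[0]; k++)
        if (strcmp(scheme, allowed_schemes[k]) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not values taken from any real deployment. */
    const char *const samples[] = {
        "file:///etc/openldap/certs/server.pem",
        "/etc/openldap/certs/server.pem",
        "pkcs11:token=example;object=server-key",
        "https://example.invalid/certs/server.pem",
        "ldap://example.invalid/cn=server,dc=example",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-48s %s\n", samples[i],
               tls_url_allowed(samples[i]) ? "allowed" : "rejected");
    return 0;
}
```

The check is applied at option-setting time, so a rejected URL fails loudly in configuration rather than silently at the first TLS handshake; the scheme comparison is case-insensitive because RFC 3986 schemes are.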