--On Friday, June 26, 2009 2:37 PM -0400 Victor Duchovni
<victor.ducho...@morganstanley.com> wrote:
OpenLDAP appears to be using GnuTLS:
> ldd /usr/sbin/slapd | egrep -i '(tls|ssl)'
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7d01000)
Not sure it is a good idea to mix both in the same address space...
I've only ever tested with LDAP over OpenSSL, not LDAP over GNUTLS.
I don't see any code path in OpenLDAP 2.4.11 that wants a live server
connection for setting the per-connection TLS context. This call should
not be failing.
Mixing them is a very bad idea. Also, there have been numerous fixes to
the GnuTLS support in OpenLDAP since 2.4.11. 2.4.16 should be used
instead. I'd also advise using OpenSSL instead of GnuTLS with your
OpenLDAP build. GnuTLS has too many issues in and of itself, and loading
both into the same process space is not going to go well.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
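
The check discussed in the thread, as an added example that is not part of the original messages: it classifies ldd output or a running process's /proc/PID/maps to flag GnuTLS and OpenSSL sharing one address space. The function names are hypothetical, and the libssl line in the sample is constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenLDAP.
# Reports which TLS libraries a binary or a live process maps, so that a
# process loading both GnuTLS and OpenSSL can be spotted.

# classify_tls_libs: reads `ldd` output or /proc/PID/maps lines on stdin
# and prints one of: mixed, gnutls, openssl, none.
classify_tls_libs() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                name = $i
                sub(/^.*\//, "", name)   # reduce a path to its basename
                if (name ~ /^libgnutls/)           gnutls = 1
                if (name ~ /^lib(ssl|crypto)\.so/) openssl = 1
            }
        }
        END {
            if (gnutls && openssl) print "mixed"
            else if (gnutls)       print "gnutls"
            else if (openssl)      print "openssl"
            else                   print "none"
        }
    '
}

# Link-time view: libraries the dynamic linker resolves for a binary.
tls_libs_of_binary() {
    ldd "$1" 2>/dev/null | classify_tls_libs
}

# Run-time view: also catches libraries pulled in later via dlopen().
tls_libs_of_pid() {
    classify_tls_libs < "/proc/$1/maps"
}

# Constructed sample: the libgnutls line is the one quoted in the thread,
# the libssl line is made up for illustration.
SAMPLE_MIXED='    libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7d01000)
    libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0xb7c00000)'

printf '%s\n' "$SAMPLE_MIXED" | classify_tls_libs
```

The /proc/PID/maps form is the one to trust for a running daemon, since ldd on the main binary does not show libraries loaded by plugins at run time.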