I think it falls into the gaps between the various packaging approaches
and distributions.

From the discussions with the OpenLDAP chaps, they were pretty confident
that they couldn't replicate the issue with the package built against
OpenSSL, plus there was some talk of the issue being related to a GNUTLS bug
that was resolved. So between the two the thread went dead at that end.

To replicate, run up a code snippet that connects to a destination WITH
AN INVALID CERT:

ldap_initialize
ldap_set_option (enumerate the various LDAP_OPT_X_TLS_REQUIRE_CERT values)
if uri != ldaps: then ldap_start_tls_s
ldap_sasl_bind_s

The LDAPS connections fail as expected. The STARTTLS connections all
succeed.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835181

Title:
  OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between
  ldaps:// and ldap:// with STARTTLS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1835181/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
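
An independent cross-check of the two connection paths described in the message above, added here as an example and not part of the original report or of OpenLDAP: it uses Python's ssl module instead of libldap to see whether a server's certificate is rejected on both ldaps:// and ldap:// with StartTLS. The function names, the placeholder host and the short-form BER length assumption are this example's own.

```python
import socket
import ssl

# LDAP StartTLS extended operation OID (RFC 4511, section 4.14)
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def starttls_request(msg_id=1):
    """BER-encode an LDAPMessage carrying a StartTLS ExtendedRequest."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    ext = bytes([0x77, len(name)]) + name                   # [APPLICATION 23]
    body = bytes([0x02, 0x01, msg_id]) + ext                # messageID, then the op
    return bytes([0x30, len(body)]) + body                  # outer SEQUENCE


def starttls_result(resp):
    """Return the resultCode of an ExtendedResponse (0 means success).

    Assumption: short-form BER lengths and a one-byte messageID, which holds
    for the small responses servers send to StartTLS.
    """
    if len(resp) < 10 or resp[0] != 0x30 or resp[1] >= 0x80:
        raise ValueError("not a short-form LDAPMessage")
    if resp[2:4] != b"\x02\x01" or resp[5] != 0x78 or resp[7:9] != b"\x0a\x01":
        raise ValueError("not an ExtendedResponse with a resultCode")
    return resp[9]


def verify_cert(host, port, use_starttls, cafile=None, timeout=5.0):
    """Return (True, "") if the server certificate validates, else (False, why)."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            if use_starttls:  # the ldap:// path: upgrade in-band before the handshake
                raw.sendall(starttls_request())
                if starttls_result(raw.recv(4096)) != 0:
                    return False, "server refused StartTLS"
            with ctx.wrap_socket(raw, server_hostname=host):
                return True, ""
    except (ssl.SSLError, OSError, ValueError) as exc:
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    # ldap.example.test is a placeholder; point it at the server under test.
    for port, starttls in ((636, False), (389, True)):
        print(port, "starttls" if starttls else "ldaps",
              verify_cert("ldap.example.test", port, starttls))
```

If both paths report a certificate verification failure here while a libldap client still binds over StartTLS, the difference is on the client side.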
