Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Ticket 49560 - nsslapd-extract-pemfiles should be enabled by default …
…as openldap is moving to openssl Bug Description: Due to a change in the OpenLDAP client libraries (switching from NSS to OpenSSL), the TLS options LDAP_OPT_X_TLS_CACERTFILE, LDAP_OPT_X_TLS_KEYFILE, LDAP_OPT_X_TLS_CERTFILE, need to specify path to PEM files. Those PEM files are extracted from the key/certs from the NSS db in /etc/dirsrv/slapd-xxx Those files are extracted if the option (under 'cn=config') nsslapd-extract-pemfiles is set to 'on'. The default value is 'off', that prevent secure outgoing connection. Fix Description: Enable nsslapd-extract-pemfiles by default Then when establishing an outgoing connection, if it is not using NSS crypto layer and the pem files have been extracted then use the PEM files https://pagure.io/389-ds-base/issue/49560 Reviewed by: mreynolds Platforms tested: RHEL 7.5 Flag Day: no Doc impact: no Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
- Loading branch information
1 parent
ca8f1fd
commit 8304cae
Showing
3 changed files
with
18 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters