Set tls_opt_require_cert to default to NEVER. libldap defaults to DEMAND

author Howard Chu <hyc@openldap.org>

Sat, 4 May 2002 00:07:12 +0000 (00:07 +0000)

committer Howard Chu <hyc@openldap.org>

Sat, 4 May 2002 00:07:12 +0000 (00:07 +0000)
author Howard Chu <hyc@openldap.org>
Sat, 4 May 2002 00:07:12 +0000 (00:07 +0000)
committer Howard Chu <hyc@openldap.org>
Sat, 4 May 2002 00:07:12 +0000 (00:07 +0000)
diff --git a/servers/slapd/main.c b/servers/slapd/main.c

index 62249eeaf2ab5a3f63e9e3e2b98d9d10fe1111c9..b48f222450b9b3552c8c1d58719294718ff3196b 100644 (file)
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -381,6 +381,16 @@ int main( int argc, char **argv )
                 goto destroy;
         }
  
+#ifdef HAVE_TLS
+       /* Library defaults to full certificate checking. This is correct when
+        * a client is verifying a server because all servers should have a
+        * valid cert. But few clients have valid certs, so we want our default
+        * to be no checking. The config file can override this as usual.
+        */
+       rc = 0;
+       (void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
+#endif
+
         if ( read_config( configfile ) != 0 ) {
                 rc = 1;
                 SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 19 );
author	Howard Chu <hyc@openldap.org>
	Sat, 4 May 2002 00:07:12 +0000 (00:07 +0000)
committer	Howard Chu <hyc@openldap.org>
	Sat, 4 May 2002 00:07:12 +0000 (00:07 +0000)