When enabling TLS, the patch only accepts OpenSSL-format options and not GnuTLS (e.g. ldap-tls-crlcheck vs ldap-tls-crlfile), and I'm wondering if something from my dhcpd.conf could be making GnuTLS be called instead - I saw gnutls being called in valgrind output:

ldap-server "fusion.strategicit.linuxoz.net";
ldap-port 389;
ldap-ssl start_tls;
ldap-tls-reqcert demand;
ldap-tls-ca-file "/etc/ssl/certs/ssl-cert-local-ca.pem";
ldap-tls-crlcheck all;
ldap-tls-ca-dir "/etc/ssl/certs";
# GnuTLS specific
#ldap-tls-crlfile "/etc/ssl/crl/ssl-cert-local-ca.crl";
ldap-tls-cert "/root/.pki/dhcpd.pem";
ldap-tls-key "/root/.pki/dhcpd.key";
ldap-tls-ciphers "TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH";
# GnuTLS specific
#ldap-tls-ciphers "256SECURE";
ldap-username "cn=admin,dc=strategicit,dc=linuxoz,dc=net";
ldap-password xxxxxx;
ldap-base-dn "dc=strategicit,dc=linuxoz,dc=net";
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";

--
Mark Pavlichuk

