Package: release-notes Severity: normal X-Debbugs-Cc: Ryan Tandy <r...@nardis.ca>
Hi,I just saw this on my daily upgrade of my system. Probably worth mentioning in the release notes.
Paul openldap (2.6.9+dfsg-1~exp2) experimental; urgency=medium The TLS library used for the OpenLDAP packages has changed from GnuTLS toOpenSSL. This affects the set of configuration options available, as well as
the behaviour of some options.If no TLS CA certificates are specified, the system default trust store will now be loaded automatically. If you do not want the default CAs to be used,
you must configure the trusted CAs explicitly.Previously, the TLS_CIPHER_SUITE option accepted a GnuTLS priority string.
Now, the option accepts an OpenSSL cipher list. For information about the cipher list format, see the openssl-ciphers(1) man page.The TLS_CRLFILE option is no longer supported; it is accepted, but silently ignored. Use the TLS_CRLCHECK option instead. The TLS_CACERTDIR option must
also be set.For more information about the libldap configuration, see the ldap.conf(5)
man page. For more information about the slapd(8) configuration, see /usr/share/doc/slapd/README.Debian.gz. -- Ryan Tandy <r...@nardis.ca> Fri, 10 Jan 2025 18:17:14 -0800
OpenPGP_signature.asc
Description: OpenPGP digital signature
