Hi Martin,

I'm trying to reproduce the bug you reported, in order to determine
whether Maciej's patch fixed it or not.

However, a simple C program making the following calls:

ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &protocol_version);
ldap_initialize(&ld, "ldaps://");
ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
ldap_simple_bind_s(ld, NULL, NULL);

ldap_initialize(&ld, "ldap://");
ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
ldap_start_tls_s(ld, NULL, NULL);

appears to behave as expected for me.

Could you please post the program code (any language is fine) that you
used to demonstrate the bug? Thanks!

** Changed in: openldap (Ubuntu)
       Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1547927

Title:
  LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and
  STARTTLS

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Tested with vivid and wily...
  also logged with openldap as http://www.openldap.org/its/index.cgi/Incoming?id=8374

  
  The handling of the LDAP_OPT_X_TLS_REQUIRE_CERT option appears to be different
  between servers accessed via ldaps:// and ldap:// (plus STARTTLS) URIs.

  When accessing a server with a self-signed certificate, the results are:

  
  ldaps://

  never    OK
  hard     Error: can't contact LDAP server
  demand   Error: can't contact LDAP server
  allow    OK
  try      Error: can't contact LDAP server

  
  ldap:// plus explicit ldap_start_tls_s()

  never    OK
  hard     OK
  demand   OK
  allow    OK
  try      OK
