starlingx/meta-starlingx
Code Issues Proposed changes
meta-starlingx/recipes-support/openldap/files/0015-openldap-man-tls-reqcert.patch
Sar Ashki, Babak 543453460e openldap-config: new package with stx openldap patches
2019-12-05 15:48:00 -08:00

56 lines
2.0 KiB
Diff
Raw Blame History

From 26c18423ab3b7e9100ea915b175c40ed7345df74 Mon Sep 17 00:00:00 2001
From: babak sarashki <babak.sarashki@windriver.com>
Date: Wed, 4 Dec 2019 08:03:25 -0800
Subject: [PATCH] openldap man tls reqcert
From stx 1901: openldap-man-tls-reqcert.patch
From f7027b3118ea90d616d0ddeeb348f15ba91cd08b
---
doc/man/man5/ldap.conf.5 | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
index 49f1830a0..313b9c275 100644
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -433,8 +433,8 @@ The environment variable RANDFILE can also be used to specify the filename.
This parameter is ignored with GnuTLS and Mozilla NSS.
.TP
.B TLS_REQCERT <level>
-Specifies what checks to perform on server certificates in a TLS session,
-if any. The
+Specifies what checks to perform on server certificates in a TLS session.
+The
.B <level>
can be specified as one of the following keywords:
.RS
@@ -443,19 +443,17 @@ can be specified as one of the following keywords:
The client will not request or check any server certificate.
.TP
.B allow
-The server certificate is requested. If no certificate is provided,
-the session proceeds normally. If a bad certificate is provided, it will
+The server certificate is requested. If a bad certificate is provided, it will
be ignored and the session proceeds normally.
.TP
.B try
-The server certificate is requested. If no certificate is provided,
-the session proceeds normally. If a bad certificate is provided,
-the session is immediately terminated.
+The server certificate is requested. If a bad certificate is provided, the
+session is immediately terminated.
.TP
.B demand | hard
-These keywords are equivalent. The server certificate is requested. If no
-certificate is provided, or a bad certificate is provided, the session
-is immediately terminated. This is the default setting.
+These keywords are equivalent and semantically same as
+.BR try .
+This is the default setting.
.RE
.TP
.B TLS_CRLCHECK <level>
--
2.17.1
View Git Blame Copy Permalink