Bug#979995: There should be a sensible compile time default for the location of the file that contains trusted CA certificates

2021-01-14 Thread Andras Korn
On Wed, Jan 13, 2021 at 05:12:39PM -0800, Ryan Tandy wrote: Hi, > > Can you somehow make the library complain very loudly when an attempt is > > made to use CACERTDIR, but the setting is ignored? > > This is not sarcastic, but a good faith question: if it had printed > something to stderr, would

Bug#979995: There should be a sensible compile time default for the location of the file that contains trusted CA certificates

2021-01-13 Thread Ryan Tandy
On Wed, Jan 13, 2021 at 01:27:52PM +0100, Andras Korn wrote: Can you somehow make the library complain very loudly when an attempt is made to use CACERTDIR, but the setting is ignored? This is not sarcastic, but a good faith question: if it had printed something to stderr, would you have seen

Bug#979995: There should be a sensible compile time default for the location of the file that contains trusted CA certificates

2021-01-13 Thread Andras Korn
On Tue, Jan 12, 2021 at 10:47:22AM -0800, Ryan Tandy wrote: > > On 2021-01-12 Andras Korn wrote: > > > I think I shouldn't need to specify `ldap_tls_cacert = > > > /etc/ssl/certs/ca-certificates.crt` when using a Debian package, since > > > this is the default location of trusted CA certificates

Bug#979995: There should be a sensible compile time default for the location of the file that contains trusted CA certificates

2021-01-13 Thread Andras Korn
On Tue, Jan 12, 2021 at 10:47:22AM -0800, Ryan Tandy wrote: Hi, thanks for clearing up some misunderstandings. > On Tue, Jan 12, 2021 at 07:04:41PM +0100, Andreas Metzler wrote: > > On 2021-01-12 Andras Korn wrote: > > > I think I shouldn't need to specify `ldap_tls_cacert = > > > /etc/ssl/cert

Bug#979995: There should be a sensible compile time default for the location of the file that contains trusted CA certificates

2021-01-12 Thread Ryan Tandy
Control: tag -1 moreinfo Hello, On Tue, Jan 12, 2021 at 07:04:41PM +0100, Andreas Metzler wrote: On 2021-01-12 Andras Korn wrote: I think I shouldn't need to specify `ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt` when using a Debian package, since this is the default location of trust

Bug#979995: There should be a sensible compile time default for the location of the file that contains trusted CA certificates

2021-01-12 Thread Andreas Metzler
Control: retitle -1 cacertdir not implemented for gnutls Control: reassign -1 libldap-2.4-2 2.4.56+dfsg-1 On 2021-01-12 Andras Korn wrote: > Package: libgnutls30 > Version: 3.7.0-3 > Severity: wishlist > Hi, > I was just bitten by https://github.com/SSSD/sssd/issues/5444. > Briefly: > * sssd

Bug#979995: There should be a sensible compile time default for the location of the file that contains trusted CA certificates

2021-01-12 Thread Andras Korn
Package: libgnutls30 Version: 3.7.0-3 Severity: wishlist Hi, I was just bitten by https://github.com/SSSD/sssd/issues/5444. Briefly: * sssd relies on libldap to query LDAP servers. * libldap can be linked against libssl (openssl) or gnutls for SSL/TLS support. * libssl supports an ldap_tls_c