openldap-2.4.23-16.el6 is also affected
The patch was already included upstream.
+++ This bug was initially created as a clone of Bug #725819 +++
Description of problem:
Almost the same problem with client-side TLS_REQCERT:
Resolved in openldap-2.4.23-17.el6
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
- OpenLDAP server with olcVerifyClient setting set to 'allow', or client tool setting TLS_REQCERT set to 'allow'. The remote peer certificate is invalid.
- OpenLDAP server/client connection will fail.
- Patches were applied to ignore invalid remote peer certificates when olcVerifyClient (on server side) or TLS_REQCERT (on client side) is set to allow.
- When server's olcVerifyClient setting is set to 'allow', the server allows the connections from remote clients, even if their client certificates are invalid. When client's TLS_REQCERT is set to 'allow', the client allows the connection to remote server, even if the remote server's certificate is invalid.
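An added audit check, not code from the bug report or from OpenLDAP, that reads the two settings discussed above from constructed config samples and reports whether each keyword is meant to accept a missing or an invalid peer certificate. It assumes the cn=config attribute is olcTLSVerifyClient (the full name of what the note calls olcVerifyClient) and reports the documented intent of each keyword, which the affected packages did not honour for 'allow'.

```python
"""Audit OpenLDAP peer-certificate verification settings (added example;
not code from the bug report or from OpenLDAP). Sample inputs are constructed."""
import re

# keyword -> (proceeds with no peer cert, proceeds with an invalid peer cert),
# per ldap.conf(5) TLS_REQCERT and slapd-config(5) olcTLSVerifyClient.
VERIFY_KEYWORDS = {
    "never": (True, True),
    "allow": (True, True),    # the setting this bug report is about
    "try": (True, False),
    "demand": (False, False),
    "hard": (False, False),   # alias of demand
}

SAMPLE_LDAP_CONF = """\
# constructed client ldap.conf
URI ldaps://ldap.example.test
TLS_REQCERT allow
"""
SAMPLE_CN_CONFIG = """\
# constructed cn=config fragment
dn: cn=config
olcTLSVerifyClient: demand
"""

def find_setting(text, directive):
    """Value of a 'DIRECTIVE value' (ldap.conf) or 'attr: value' (LDIF) line."""
    m = re.search(rf"^\s*{re.escape(directive)}:?\s+(\S+)", text, re.I | re.M)
    return m.group(1).lower() if m else None

def audit(text, directive, default):
    """Classify the directive's value, or its documented default when absent."""
    value = find_setting(text, directive) or default
    if value not in VERIFY_KEYWORDS:
        raise ValueError(f"unknown {directive} value {value!r}")
    no_cert, bad_cert = VERIFY_KEYWORDS[value]
    return {"directive": directive, "value": value,
            "accepts_missing_cert": no_cert, "accepts_invalid_cert": bad_cert}

def audit_client(ldap_conf):
    return audit(ldap_conf, "TLS_REQCERT", default="demand")        # client default

def audit_server(cn_config):
    return audit(cn_config, "olcTLSVerifyClient", default="never")  # server default

if __name__ == "__main__":
    for finding in (audit_client(SAMPLE_LDAP_CONF), audit_server(SAMPLE_CN_CONFIG)):
        print(finding)
```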
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.