rpms/openldap
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
main-riscv64
openldap/openldap-openssl-manpage-defaultCA.patch
Simon Pichugin 004e302f0d Update to new major release OpenLDAP 2.6.1 
- rediff all patches and remove patches now upstream
- use upstream source location for check password module
  and rediff patch due to this
- add patch to fix build issue in 2.5.4 (from upstream)
- clean and sort buildreqs
- remove various refs to bdb
- remove now default -DLDAP_USE_NON_BLOCKING_TLS
- add new modules and enable load balancer as module
- disable wiredtired backend due to missing build deps
- don't remove files that don't exist
- let check-config work on *.mdb over legacy files
- remove refs to old-style config
- new soname names
- remove libldap_r link as the library was merged with libldap
- refactor openldap-compat package to support the transition from 2.4
- add UPGRADE_INSTRUCTIONS for openldap-server upgrade

The original patch was submitted by Fedora user - terjeros
https://src.fedoraproject.org/rpms/openldap/pull-request/6

Resolves: #1955293
2022-01-31 14:59:38 -08:00

52 lines
1.9 KiB
Diff
Raw Permalink Blame History

Reference default system-wide CA certificates in manpages
OpenSSL, unless explicitly configured, uses system-wide default set of CA
certificates.
Author: Matus Honek <mhonek@redhat.com>
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
index 6084298..3070bb4 100644
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -327,6 +327,9 @@ are more options you can specify. These options are used when an
.B ldaps:// URI
is selected (by default or otherwise) or when the application
negotiates TLS by issuing the LDAP StartTLS operation.
+.LP
+When using OpenSSL, if neither \fBTLS_CACERT\fP nor \fBTLS_CACERTDIR\fP
+is set, the system-wide default set of CA certificates is used.
.TP
.B TLS_CACERT <filename>
Specifies the file that contains certificates for all of the Certificate
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
index a559b0c..adda87a 100644
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -878,6 +878,10 @@ If
.B slapd
is built with support for Transport Layer Security, there are more options
you can specify.
+.LP
+When using OpenSSL, if neither \fBolcTLSCACertificateFile\fP nor
+\fBolcTLSCACertificatePath\fP is set, the system-wide default set of CA
+certificates is used.
.TP
.B olcTLSCipherSuite: <cipher-suite-spec>
Permits configuring what ciphers will be accepted and the preference order.
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index b6e9250..1653a1b 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -1108,6 +1108,10 @@ If
.B slapd
is built with support for Transport Layer Security, there are more options
you can specify.
+.LP
+When using OpenSSL, if neither \fBTLSCACertificateFile\fP nor
+\fBTLSCACertificatePath\fP is set, the system-wide default set of CA
+certificates is used.
.TP
.B TLSCipherSuite <cipher-suite-spec>
Permits configuring what ciphers will be accepted and the preference order.
Reference in New Issue View Git Blame Copy Permalink