Project

General

Profile

Actions

Bug #6219

closed

Is $ldap->start_tls( verify => 'none') good enough in the ldpweb.cgi?

Added by Jing Tao over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
11/14/2013
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:

Description

Currently when the ldapweb.cgi binds the ldap server, it issue this command to start tls:

$ldap->start_tls( verify => 'none')

Is this command secure enough?

It seems verify can be 'none' | 'optional' | 'require'.

In the line 814, it is #$ldap->start_tls( verify => 'require',
#cafile => '/usr/share/ssl/ldapcerts/cacert.pem');

But they were commented out.

Actions

Also available in: Atom PDF