8304cae Ticket 49560 - nsslapd-extract-pemfiles should be enabled by default as openldap is moving to openssl

3 files. Authored by tbordaz 6 years ago, committed by mreynolds 6 years ago.
    Ticket 49560 - nsslapd-extract-pemfiles should be enabled by default as openldap is moving to openssl
    
    Bug Description:
    	Due to a change in the OpenLDAP client libraries (switching from NSS to OpenSSL),
    	the TLS options LDAP_OPT_X_TLS_CACERTFILE, LDAP_OPT_X_TLS_KEYFILE, LDAP_OPT_X_TLS_CERTFILE
    	need to specify the path to PEM files.
    
    	Those PEM files are extracted from the key/certs from the NSS db in /etc/dirsrv/slapd-xxx
    
    	Those files are extracted if the option (under 'cn=config') nsslapd-extract-pemfiles is set to 'on'.
    
    	The default value is 'off', which prevents secure outgoing connections.
    
    Fix Description:
    
    	Enable nsslapd-extract-pemfiles by default.
    	Then when establishing an outgoing connection, if it is not using the NSS crypto layer
    	and the PEM files have been extracted, then use the PEM files.
    
    https://pagure.io/389-ds-base/issue/49560
    
    Reviewed by: mreynolds
    
    Platforms tested: RHEL 7.5
    
    Flag Day: no
    
    Doc impact: no
    
    Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
    
        
file modified
+16 -16
file modified
+1 -1