https://bugzilla.novell.com/show_bug.cgi?id=757715 https://bugzilla.novell.com/show_bug.cgi?id=757715#c1 --- Comment #1 from Ludwig Nussel <lnussel@suse.com> 2012-04-18 12:00:08 CEST --- The code in libraries/libldap/tls_o.c (or libraries/libldap/tls.c) has a rather weird logic. It tries to set the specified cafile/cadir and if that fails uses openssl's defaults (SSL_CTX_set_default_verify_paths). So if nothing is specified it doesn't use any cafile/cadir. I think the code should be modified to use defaults if nothing is specified and fail if an explicitly specified cafile/cadir cannot be loaded. That way no config change is needed at all (although adding an example line can't hurt either). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.