openldap (2.6.9+dfsg-1~exp2) experimental; urgency=medium The TLS library used for the OpenLDAP packages has changed from GnuTLS to OpenSSL. This affects the set of configuration options available, as well as the behaviour of some options. If no TLS CA certificates are specified, the system default trust store will now be loaded automatically. If you do not want the default CAs to be used, you must configure the trusted CAs explicitly. Previously, the TLS_CIPHER_SUITE option accepted a GnuTLS priority string. Now, the option accepts an OpenSSL cipher list. For information about the cipher list format, see the openssl-ciphers(1) man page. The TLS_CRLFILE option is no longer supported; it is accepted, but silently ignored. Use the TLS_CRLCHECK option instead. The TLS_CACERTDIR option must also be set. For more information about the libldap configuration, see the ldap.conf(5) man page. For more information about the slapd(8) configuration, see /usr/share/doc/slapd/README.Debian.gz. -- Ryan Tandy <ryan@nardis.ca> Fri, 10 Jan 2025 18:17:14 -0800
Generated by dwww version 1.16 on Tue Dec 16 05:25:27 CET 2025.