Skip to content

LDAP: permit overriding the CA root, improve SSL/TLS

feld requested to merge ldap-tls into develop

Testing against a private CA and discovered it can only verify against members of the Mozilla trusted roots. This makes it possible to verify and connect to a server using a private CA.

I thought about making this a Pleroma-wide configuration but there isn't much of a point in doing this for federation. If there's ever a demand for private federation with a custom CA root we could do it, though. There are some good arguments for allowing HTTP and LDAP to have different trust roots too.

Edited by feld

Merge request reports

Loading