From 2b7410fc41edbd6b5562da15e4c8398c5ce46d5e Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhaferkamp@owncloud.com>
Date: Mon, 13 Sep 2021 17:14:27 +0200
Subject: [PATCH] Add Changelog

---
 changelog/unreleased/ldap-tls-insecure.md | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 changelog/unreleased/ldap-tls-insecure.md

diff --git a/changelog/unreleased/ldap-tls-insecure.md b/changelog/unreleased/ldap-tls-insecure.md
new file mode 100644
index 00000000000..86b74ab2eb8
--- /dev/null
+++ b/changelog/unreleased/ldap-tls-insecure.md
@@ -0,0 +1,8 @@
+Enhancement: Safer defaults for TLS verification on LDAP connections
+
+The LDAP client connections where hardcoded to ignore certificate validation
+errors. Now verification is enabled by default and a new config parameter 'insecure'
+is introduced to override that default. It is also possible to add trusted Certificates
+by using the new 'cacert' config paramter.
+
+https://github.com/cs3org/reva/pull/2053