https://issues.apache.org/bugzilla/show_bug.cgi?id=50630
Andrew Daviel <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #8 from Andrew Daviel <[email protected]> 2011-09-28 19:08:20 UTC ---
I have seen this on httpd.2.15-9 on SL 6.1 (RHEL 6.1 recompile) with
openssl-1.0.0 and openldap-2.4.23

Openldap now checks the certificate chain against a certificate bundle. On
RHEL6 this is located in /etc/pki/tls/certs/ca-bundle.crt
Openldap reads a configuration file /etc/openldap/ldap.conf and uses the value
of TLS_CACERT to locate this bundle. If it does not locate the bundle, or the
LDAP server certificate chains to a root certificate that is not included in
the bundle, openldap returns an error.
(ldapsearch on the command line returns

    ldap_start_tls: Connect error (-11)
            additional info: TLS error -8172:Unknown code ___f 20

With the "-d 1" option, it says that the server certificate is not valid.)

From the point of view of mod_authnz_ldap, I infer that the module is not
properly handling an error return from the LDAP library. It should generate an
error message in the webserver log to give the server admin a clue to the real
problem.
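An added diagnostic example, not part of the bug report and not code from httpd or OpenLDAP: a shell check for the first failure the comment describes, an ldap.conf whose TLS_CACERT does not lead to a usable bundle. The function names and exit codes are chosen for this example, and it assumes that a repeated TLS_CACERT directive takes its last value.

```shell
#!/bin/sh
# Added example: confirm the CA bundle that ldap.conf points to is usable.
# Exit codes (chosen for this example):
#   0 ok, 1 no TLS_CACERT (or config unreadable),
#   2 bundle missing/unreadable, 3 bundle holds no PEM certificates.

# Print the TLS_CACERT value from an ldap.conf-style file.
# The keyword is matched case-insensitively; comment lines (#) are skipped.
# Assumption: if the directive appears more than once, the last one is used.
ldap_cacert_path() {
    awk '
        /^[ \t]*#/ { next }
        toupper($1) == "TLS_CACERT" && NF >= 2 {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the keyword
            sub(/[ \t]+$/, "")                # drop trailing blanks
            path = $0
        }
        END { if (path != "") print path }
    ' "$1"
}

check_ldap_cacert() {
    conf=${1:-/etc/openldap/ldap.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    bundle=$(ldap_cacert_path "$conf")
    if [ -z "$bundle" ]; then
        echo "$conf: no TLS_CACERT directive" >&2
        return 1
    fi
    if [ ! -r "$bundle" ]; then
        echo "$conf: TLS_CACERT=$bundle is missing or unreadable" >&2
        return 2
    fi

    # grep -c exits non-zero when the count is 0, so neutralise its status.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    if [ "$count" -eq 0 ]; then
        echo "$bundle: no PEM certificates found" >&2
        return 3
    fi
    echo "$bundle: $count certificate(s)"
    return 0
}
```

Call it as `check_ldap_cacert /etc/openldap/ldap.conf`. The other case the comment names, a server chain whose root is absent from the bundle, can be checked with `openssl verify -CAfile <bundle> <server-cert.pem>` on a saved copy of the server certificate.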
