--On Tuesday, August 08, 2006 8:23 PM -0600 "Berg, Michael" <[EMAIL PROTECTED]> wrote:
I spent some more time debugging, and here is some additional info. I ran slapd with debugging again ('-d 7' to match the previous ldapsearch debug output), and this time I spotted something that I must have missed before.

In the interest of space, I removed the pages-upon-pages of output generated from parsing the schema files. The first line in the attached debug output is when slapd is opening the Certificate Authority's public cert. I've also inserted some blank lines and comments (started with a # character) into the debug output to show relevant events.

Toward the end, there are error messages about: "TLS trace: SSL_accept:error in SSLv3 read client certificate A" and "TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2455"

This supports the web searches that tied ldapsearch's error of "error:14094410:SSL" to client certificates. But as previously stated, I have "TLSVerifyClient never" specified in my slapd.conf (maybe it's not being respected when running as non-root though).

Anyway, I hope this helps in tracking down the problem. As always, if there is any additional info I can provide that would help, just let me know.
This error is coming straight from the OpenSSL libraries. Have you tried connecting with openssl s_client?
<http://www.openldap.org/lists/openldap-software/200409/msg00242.html>

This link also notes someone hitting this issue in the past.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
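Added example, not part of the original thread and not OpenLDAP or OpenSSL code: a small decoder for the two packed OpenSSL error codes quoted above, using the layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason). The name tables are an assumption-free subset holding only the entries these two codes need; `decode` and `decode_log` are names chosen for this example.

```python
import re

# OpenSSL releases before 3.0 pack an error as ERR_PACK(lib, func, reason):
# 8 bits of library, 12 bits of function, 12 bits of reason.
SSL_LIB = 0x14
SSL_AD_REASON_OFFSET = 1000  # SSL reasons above this mean "alert received from peer"

# Name tables limited to what the two codes in this thread need.
FUNCS = {0x089: "SSL3_GET_CLIENT_CERTIFICATE", 0x094: "SSL3_READ_BYTES"}
REASONS = {0x0C7: "peer did not return a certificate"}
# TLS alert descriptions (subset of the list in RFC 5246, section 7.2).
ALERTS = {40: "handshake_failure", 42: "bad_certificate",
          46: "certificate_unknown", 48: "unknown_ca"}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8})")


def decode(code_hex):
    """Split one packed error code into library, function and reason."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == SSL_LIB and reason > SSL_AD_REASON_OFFSET:
        number = reason - SSL_AD_REASON_OFFSET
        alert = ALERTS.get(number, "alert %d" % number)
    return {
        "lib": lib,
        "func": FUNCS.get(func, "func 0x%03X" % func),
        "reason": reason,
        "alert": alert,  # set only when the peer sent a TLS alert
        "text": REASONS.get(reason),
    }


def decode_log(lines):
    """Decode every error:XXXXXXXX token found in the given log lines."""
    return [decode(m.group(1)) for line in lines for m in ERR_RE.finditer(line)]


# The two error strings as quoted in the message above.
SAMPLE = [
    "TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:"
    "peer did not return a certificate s3_srvr.c:2455",
    "error:14094410:SSL",
]

if __name__ == "__main__":
    for entry in decode_log(SAMPLE):
        print(entry)
```

Decoded, `14094410` carries reason 1040, which is TLS alert 40 (handshake_failure) received from the peer, while `140890C7` is reason 199 raised locally in the server's client-certificate step. That pairing is consistent with one failed handshake seen from each end.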