--On Tuesday, August 08, 2006 8:23 PM -0600 "Berg, Michael" <[EMAIL PROTECTED]> wrote:

I spent some more time debugging, and here is some additional info.

I ran slapd with debugging again ('-d 7' to match the previous ldapsearch
debug output), and this time I spotted something that I must have missed
before.

In the interest of space, I removed the pages-upon-pages of output
generated from parsing the schema files.  The first line in the attached
debug output is when slapd is opening the Certificate Authority's public
cert.  I've also inserted some blank lines and comments (started with a #
character) into the debug output to show relevant events.

Toward the end, there are error messages about:
"TLS trace: SSL_accept:error in SSLv3 read client certificate A"
and
"TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate s3_srvr.c:2455"

This supports the web searches that tied ldapsearch's error of
"error:14094410:SSL" to client certificates.  But as previously stated, I
have "TLSVerifyClient never" specified in my slapd.conf (maybe it's not
being respected when running as non-root though).

Anyway, I hope this helps in tracking down the problem.  As always, if
there is any additional info I can provide that would help, just let me
know.

This error is coming straight from the OpenSSL libraries. Have you tried connecting with openssl s_client?

<http://www.openldap.org/lists/openldap-software/200409/msg00242.html>

This link also notes someone hitting this issue in the past.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
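
Added example, not part of the original thread: a small Python decoder for the two OpenSSL error codes quoted above, showing which library, function and reason each one packs. It assumes the packed layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason); the helper names `decode` and `decode_line` are hypothetical.

```python
import re

# Packed layout used by OpenSSL releases before 3.0 (assumed here, matching
# the 8-hex-digit codes quoted in the thread): 8-bit library, 12-bit
# function, 12-bit reason.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL reasons above this are alerts sent by the peer

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    10: "unexpected_message",
    40: "handshake_failure",
    42: "bad_certificate",
    46: "certificate_unknown",
    48: "unknown_ca",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")


def decode(code_hex):
    """Split a packed error code into library, function and reason numbers."""
    code = int(code_hex, 16)
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        number = reason - SSL_AD_REASON_OFFSET
        alert = TLS_ALERTS.get(number, "alert %d" % number)
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert}


def decode_line(line):
    """Decode every 'error:XXXXXXXX:' token found in one log line."""
    return [decode(m) for m in ERR_RE.findall(line)]


if __name__ == "__main__":
    # The two error strings quoted in the message above.
    samples = [
        "TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:"
        "peer did not return a certificate s3_srvr.c:2455",
        'ldapsearch: "error:14094410:SSL"',
    ]
    for s in samples:
        print(decode_line(s))
```

The ldapsearch code decodes to reason 1040, which is alert 40 (handshake_failure) received from the peer, so the client is reporting that the server aborted the handshake rather than a fault it found locally.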

