[ http://issues.apache.org/jira/browse/DIR-185?page=comments#action_12416034 ]
Joe Ammann commented on DIR-185:
--------------------------------

If gpg is based on OpenLDAP, you might have to reduce the LDAP connection security checks that are applied by default. To lower the checks performed by the OpenLDAP library, you can set properties in $HOME/.ldaprc:

TLS_CACERT /path/to/cacert.pem
TLS_REQCERT never

ldap.conf(5) has more detailed descriptions of the options.

I tested this with the GQ client, and setting the appropriate options allowed me to connect to an LDAPS server with a self-signed certificate.

> ldaps not working with gpg
> --------------------------
>
>          Key: DIR-185
>          URL: http://issues.apache.org/jira/browse/DIR-185
>      Project: Directory
>         Type: Bug
>   Components: miscellaneous
>  Environment: cygwin gpg (GnuPG) 1.4.1
>     Reporter: Ralf Hauser
>     Assignee: Alex Karasulu
>
> when doing
> myPc> gpg --keyserver ldaps://localhost:2636 --search micky -v
> gpg: searching for "micky -v" from ldaps server localhost
> gpgkeys: unable to retrieve LDAP base: Can't contact LDAP server
> gpg: key "micky -v" not found on keyserver
> gpg: keyserver internal error
> gpg: keyserver search failed: keyserver error
> on the server-side, I see
> <<7594 [IoThreadPool-1] INFO org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler - [/127.0.0.1:1808] OPENED
> 8016 [IoThreadPool-1] INFO org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler - [/127.0.0.1:1808] CLOSED
> 8016 [IoThreadPool-1] ERROR org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler - [/127.0.0.1:1808] EXCEPTION:
> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
>     at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:422)
>     at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:494)
>     at org.apache.mina.common.support.AbstractIoFilterChain.access$1000(AbstractIoFilterChain.java:52)
>     at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:761)
>     at org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:665)
>     at org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:421)
>     at org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:376)
> Caused by: javax.net.ssl.SSLException: Received fatal alert: unknown_ca
>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1352)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1320)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1482)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:957)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:782)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:674)
>     at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
>     at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:675)
>     at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:492)
>     at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
>     at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:390)
>     ... 6 more>>
> it would be great to know what ca gpg is presenting or what other measures would make this work...

--
This message is automatically generated by JIRA.
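An added example, not part of the original message or the Directory project: a small audit of an OpenLDAP client file for the TLS_REQCERT levels that skip server certificate checks. ldap.conf(5) documents `never` and `allow` as proceeding even with an unverifiable certificate and `demand` as the default; pointing TLS_CACERT at the self-signed certificate lets verification stay on. The function name, output strings and sample files are constructed for illustration, and a system-wide ldap.conf is not consulted.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Classify the TLS settings in an OpenLDAP client file such as $HOME/.ldaprc.
ldaprc_tls_audit() {
    # $1: path to an ldaprc / ldap.conf style file (keyword, whitespace, value)
    awk '
        /^[ \t]*#/ || NF == 0 { next }              # skip comments and blank lines
        { key = toupper($1); val = tolower($2) }    # keywords are case-insensitive
        key == "TLS_REQCERT" && (val == "never" || val == "allow") { weak = val }
        key == "TLS_CACERT" || key == "TLS_CACERTDIR" { ca = 1 }
        END {
            if (weak != "")
                print "weak: TLS_REQCERT " weak " accepts any server certificate"
            else if (!ca)
                print "strict-no-ca: verification on, no CA set in this file"
            else
                print "strict: verification on with an explicit CA"
        }' "$1"
}

# Constructed sample files: the settings as posted, and a variant that keeps
# verification on while trusting the self-signed certificate via TLS_CACERT.
demo_dir=$(mktemp -d)
printf 'TLS_CACERT /path/to/cacert.pem\nTLS_REQCERT never\n'  > "$demo_dir/as_posted"
printf 'TLS_CACERT /path/to/cacert.pem\nTLS_REQCERT demand\n' > "$demo_dir/verified"
for f in as_posted verified; do
    printf '%s -> %s\n' "$f" "$(ldaprc_tls_audit "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```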
