Hi,
Andreas Hasenack [EMAIL PROTECTED] writes:
I reviewed ITS#4082 and I have that patch applied in tls.c (I'm running 2.3.11
which has it). However, I still get TLS errors when using ldapsearch -ZZ:
connection_get(13)
connection_get(13): got connid=0
connection_read(13): checking for
On Mon 17 Oct 2005 06:39, Dieter Kluenter wrote:
I just experienced the same problem and it took me a few minutes to find
the reason, which resulted in
TLS trace: SSL3 alert read:fatal:certificate expired
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
On Mon, Oct 17, 2005 at 10:39:15AM +0200, Dieter Kluenter wrote:
I just experienced the same problem and it took me a few minutes to find
the reason, which resulted in
TLS trace: SSL3 alert read:fatal:certificate expired
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS:
If I run ldapsearch from another machine which has another version of
openldap that is not 2.3.11 nor 2.3.10, then it works.
So this is against your 2.3.11 slapd, 2.3.11 ldapsearch -ZZ fails while
2.3.10 connects OK (2.3.11 server held constant)?
Do you have identical ldap.conf and/or .ldaprc
On Mon, Oct 17, 2005 at 09:29:57AM -0400, Aaron Richton wrote:
If I run ldapsearch from another machine which has another version of
openldap that is not 2.3.11 nor 2.3.10, then it works.
So this is against your 2.3.11 slapd, 2.3.11 ldapsearch -ZZ fails while
2.3.10 connects OK (2.3.11
On Mon, 2005-10-17 at 10:31 -0200, Andreas Hasenack wrote:
On Mon, Oct 17, 2005 at 10:39:15AM +0200, Dieter Kluenter wrote:
I just experienced the same problem and it took me a few minutes to find
the reason, which resulted in
TLS trace: SSL3 alert read:fatal:certificate expired
TLS
On Mon, Oct 17, 2005 at 10:16:28AM -0400, Samuel Tran wrote:
If I run ldapsearch from another machine which has another version of
openldap that is not 2.3.11 nor 2.3.10, then it works.
On my OL 2.3.11 test servers both SSL and TLS work fine.
We use our own CA certificate to sign our cert
So perhaps the new checks in 2.3.10/11 are blocking self signed
certificates, even with TLS_REQCERT allow? I also tried never,
same result.
Are you setting a TLS_CACERT to your self-signed CA? If not, I'd try that.
I reviewed ITS#4082 and I have that patch applied in tls.c (I'm running 2.3.11
which has it). However, I still get TLS errors when using ldapsearch -ZZ:
connection_get(13)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
TLS trace: SSL_accept:before/accept