Re: (ITS#5567) v2.4.10 + gnutls: unable to get TLS client DN, works with openssl



dev-zero@gentoo.org wrote:
> Full_Name: Tiziano Müller
> Version: 2.4.10
> OS: Gentoo Linux 2008.0
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (212.126.163.234)
>
>
> I've generated certificates for the server and a client using my own CA.
> The following works:
> * client checks server certificate
> * server checks client certificate
>
> Nevertheless the following kept appearing in the log:
> 2008-06-18T13:49:13.135510+02:00 localhost slapd[1771]: connection_read(14):
> unable to get TLS client DN, error=-4 id=1
>
> And I was therefore not able to use SASL/EXTERNAL.
>
> When I rebuilt OpenLDAP with OpenSSL instead of GnuTLS it suddenly worked (while
> not changing anything else).
>
> The certificates have been generated using OpenSSL (even though this shouldn't
> matter).

Works fine for me. Most likely your GnuTLS is broken. See ITS#5515. This ITS 
will be closed.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/