[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5567) v2.4.10 + gnutls: unable to get TLS client DN, works with openssl
dev-zero@gentoo.org wrote:
> Full_Name: Tiziano Müller
> Version: 2.4.10
> OS: Gentoo Linux 2008.0
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (212.126.163.234)
>
>
> I've generated certificates for the server and a client using my own CA.
> The following works:
> * client checks server certificate
> * server checks client certificate
>
> Nevertheless the following keeped appearing in the log:
> 2008-06-18T13:49:13.135510+02:00 localhost slapd[1771]: connection_read(14):
> unable to get TLS client DN, error=-4 id=1
>
> And I was therefore not able to use SASL/EXTERNAL.
>
> When I rebuilt OpenLDAP with OpenSSL instead of GnuTLS it suddenly worked (while
> not changing anything else).
>
> The certificates have been generated using OpenSSL (even though this shouldn't
> matter).
Works fine for me. Most likely your GnuTLS is broken. See ITS#5515. This ITS
will be closed.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/