Re: (ITS#6131) "TLSVerifyClient try" not working with GNU TLS



Howard Chu wrote:
> This bug report makes no sense; the code you quoted is not part of 
> OpenLDAP 2.4.16. The relevant code is in function tlsg_session_accept() 
> in tls_g.c, and there is no such bug in that function.

Well, according to the CVS head branch, the code that I cited in tls.c 
is still there:

http://www.openldap.org/devel/cvsweb.cgi/~checkout~/libraries/libldap/tls.c?rev=1.167&hideattic=1&sortbydate=0

But I certainly defer to your knowledge of which code is relevant -- I 
was just looking around for a possible explanation to the problem that 
I'm encountering.

I double-checked the version that I was running and it's actually 
2.4.15, not 2.4.16. Would there be a significant difference between 
these two versions with respect to TLS certificate handling? Again, here 
is the error I'm getting on the server side with TLSVerifyClient set to 
"try" when I do an ldapsearch over SSL without a client certificate:

TLS: gnutls_certificate_verify_peers2 failed -49
TLS: can't accept: (unknown error code).
connection_read(24): TLS accept failure error=-1 id=3, closing

Thanks,

	-Kartik
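As an added illustration (not part of this thread and not taken from the OpenLDAP sources), here is the server-side slapd.conf TLS section being discussed, with the four TLSVerifyClient levels spelled out as slapd.conf(5) documents them, so the behaviour expected from "try" is explicit. The certificate paths are placeholders. For reference, -49 in GnuTLS's gnutls.h is GNUTLS_E_NO_CERTIFICATE_FOUND, i.e. the peer sent no certificate, which is exactly the situation "try" is meant to tolerate.

```conf
# slapd.conf TLS section (added example; paths are placeholders)
TLSCACertificateFile  /etc/ldap/ssl/ca.crt
TLSCertificateFile    /etc/ldap/ssl/server.crt
TLSCertificateKeyFile /etc/ldap/ssl/server.key

# TLSVerifyClient controls whether slapd requests a client certificate
# and what it does with the result:
#   never  - do not request a client certificate (default)
#   allow  - request one; a missing or unverifiable certificate is ignored
#   try    - request one; a missing certificate is accepted, an
#            unverifiable one terminates the session
#   demand - request one; a missing or unverifiable certificate
#            terminates the session (same as "hard" / "true")
TLSVerifyClient try
```

To reproduce the two cases against such a server from the client side: first with no client certificate, e.g. `ldapsearch -x -H ldaps://ldap.example.com/ -b "" -s base` with no TLS_CERT/TLS_KEY in ldap.conf or .ldaprc, which under "try" should succeed; then with a certificate supplied via the LDAPTLS_CERT and LDAPTLS_KEY environment variables, which should also succeed if the certificate chains to the configured TLSCACertificateFile. Only the second case failing on a bad certificate is the expected "try" behaviour; the first case failing with -49 is what this report is about.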