Re: cannot connect using TLS to localhost

[Michael L Torrie <torriem@cs.byu.edu>]

Good to know.  I'm pretty sure that's it.  I did try forcing gq to connect
to the actual real IP, but the routes and things probably defaulted to
localhost.  (resolved to 127.0.0.1).  Thanks for the tip.  The thing that
changed suddenly for my configuration was that I setup an IP alias for
samba.  That probably inititated my problem.  Since the connection is to
localhost, I'm just running without TLS for now, as sniffing the passwords
would involve compromising the machine anyway.  I figure localhost is
almost secure as the machine itself, so for now that'll be okay.

Michael

On Thu, 7 Jun 2001, Kurt D. Zeilenga wrote:

> At 09:28 AM 6/7/2001, Michael L Torrie wrote:
> >My problem is that on the machine that ldap is running on, I cannot
> >connect using TLS.  gq just spits out and error about not being able to
> >make a TLS connection.  The weird thing is that from any other machine, I
> >can get a tls connection just fine.  I'm running a couple of things that
> >need to be able to bind to LDAP using TLS on the local machine.  I can
> >bind just fine on the local machine if I don't use TLS.  I also suppose
> >that since I'm just connecting via localhost, it doesn't matter if I use
> >TLS or not.  But I'm curious as to why a TLS localhost connection is
> >failing.  both gq and pam_ldap fail.  My gut feeling is that there's
> >something about the certificate, but I don't know.
>
> Likely the certificate was not issued for "localhost".
> See RFC 2829.
>
> Kurt
>