RE: unknown CA

["Howard Chu" <hyc@highlandsun.com>]

I have just this afternoon committed the support for the TLSCACertPath.
If you pull the latest version of libldap/tls.c from CVS you'll get it.
(But in general, you are of course welcome to fix/write anything you wish.)

As for the unknown CA problem, you need to configure your LDAP clients to
use the certs as well. It looks like you have only configured slapd so far.

You probably need to add this
	TLS_CACERT /usr/local/openldap/etc/certs/CA_pubkey.pem)
to your /usr/local/openldap/etc/ldap.conf file.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support 

> -----Original Message-----
> From: Tarassov Vadim [mailto:Vadim.Tarassov@winterthur.ch]
> Sent: Friday, June 14, 2002 4:31 AM
> To: 'Howard Chu'; Tarassov Vadim; OpenLDAP-software@OpenLDAP.org
> Subject: AW: unknown CA
> 
> 
> Hallo Howard,
> 
> Do you mind if I will fix it? And look, I believe there is 
> something wrong with
> 
> openldap 2.1.2, openssl 1.9.6d 
> 
> if build together on solaris 2.6 with forte 6 update 1. I was 
> struggling few hours with those fancy error messages I've 
> described before, but could not find anything besides of the fact 
> that s_client and s_server do work well with the same 
> certificates. Thus, I will have to investigate this problem. I 
> will inform you regardless to if I will have success or not.
> 
> Cheers, Vadim Tarassov.