
Errors in clients moving from 2.0.X to 2.1.X



Hello all!

I have some problems using the latest clients from OpenLDAP
2.1.{2,3}. When binding as a user I get:

2.1.2/bin/ldapsearch -x -ZZ -D "uid=user,dc=domain,dc=no" \
-h server.domain.no -b "dc=domain,dc=no" -s one -v -W 

ldap_init( server.domain.no, 0 )
ldap_start_tls: Connect error (91)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Using 2.0.{23,24,25} (same parameters) everything works perfectly. I
have checked my certificates, and they seem OK.

Errors in debug from slapd (-1):
  03c0:  92 9b 1d 8f 74 90 cc bc  fb 61 78 aa b9 f7 b5 81   ....t....ax.....  
  03d0:  80 c2 ed 41 2c df 4d 85  36 ab 8a 8b da b9 55 99   ...A,.M.6.....U.  
  03e0:  da f6 ee 3a c3 16 03 01  00 04 0e 00 00 00         ...:..........    
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=4
connection_read(10): checking for input on id=4
tls_read: want=5, got=5

No such error using 2.0.X clients. Same error using Mac OS X (10.2)
authentication. What is this "error in SSLv3 read client certificate
A" and "tls_read: want=5 error=Resource temporarily unavailable"?

Hope you can help me.


Regards,
-- 
Mathias Meisfjordskar

GNU/Linux addict.
Debian - What your mom would use if it were twenty times easier.