
TLS client certificate problem



Hello all

I am asking for your help again: I am trying to get TLS with a client
certificate working, but it doesn't.

I generated a client certificate (signed by the CA) that I put in ~/ssl.
This certificate is valid:

[francois@linux-integ francois]$ openssl verify -CAfile \
/demoCA/cacert.pem ssl/cert.pem
ssl/cert.pem: OK

In ~/.ldaprc I put:
TLS_CACERT      /demoCA/cacert.pem
TLS_CERT        ~/ssl/cert.pem
TLS_KEY         ~/ssl/privkey.pem

I also have in ldap.conf:
HOST linux-integ.enatel.local

But:

[francois@linux-integ francois]$ ldapsearch -ZZ -x
ldap_start_tls: Connect error (91)

I tried this to get more info:
[francois@linux-integ francois]# openssl s_client -cert ssl/cert.pem \
-key ssl/privkey.pem -CAfile /demoCA/cacert.pem -connect \
linux-integ.enatel.local:389 -tls1
Enter PEM pass phrase:
CONNECTED(00000003)
1786:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:490:

What do you think is going wrong?

Many thanks in advance

François Beretti
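Added here as an example, not part of the original post: a POSIX sh pre-flight check for the three files named by TLS_CERT, TLS_KEY and TLS_CACERT in ~/.ldaprc. Besides re-running the openssl verify from the post, it flags a passphrase-protected key (the "Enter PEM pass phrase:" prompt above; ldap.conf(5) requires the TLS_KEY file to be unprotected, since libldap never prompts) and a key that does not pair with the certificate. It assumes the openssl CLI is installed; check_client_tls is a hypothetical name.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# client certificate, key and CA file that ~/.ldaprc points at.
# Assumes the openssl command-line tool is installed.
# Usage: check_client_tls CERT KEY CACERT   (exit status 0 = all checks pass)

check_client_tls() {
    cert=$1; key=$2; ca=$3; status=0

    # 1. Chain check, the same test the post ran by hand with "openssl verify".
    #    Grep for ": OK" because old openssl releases returned 0 even on failure.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert does not verify against $ca"
        status=1
    fi

    # 2. Passphrase check. ldap.conf(5) says the TLS_KEY file must not be
    #    password protected: libldap never prompts, so a key that makes
    #    s_client ask "Enter PEM pass phrase:" cannot be loaded by ldapsearch.
    #    Both traditional ("Proc-Type: 4,ENCRYPTED") and PKCS#8
    #    ("BEGIN ENCRYPTED PRIVATE KEY") PEM headers contain this word.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "FAIL: $key is passphrase-protected; libldap cannot use it"
        status=1
    fi

    # 3. Pairing check: the public key inside the certificate must equal the
    #    one derived from the private key. The dummy -passin keeps openssl
    #    from blocking on a prompt if the key turns out to be encrypted.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass:unused 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match the public key in $cert"
        status=1
    fi

    [ "$status" -eq 0 ] && echo "OK: $cert / $key are usable as TLS_CERT / TLS_KEY"
    return "$status"
}
```

Run it as `check_client_tls ~/ssl/cert.pem ~/ssl/privkey.pem /demoCA/cacert.pem` before retrying `ldapsearch -ZZ -x`; each FAIL line names the file to fix.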