[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL3 alert write:fatal:unknown CA



Am Donnerstag, 26. Juni 2003 23:47 schrieben Sie:
> --On Thursday, June 26, 2003 11:41 PM +0200 Pierre Burri
>
> <pierre@globeall.de> wrote:
> > Am Donnerstag, 26. Juni 2003 23:27 schrieben Sie:
> >> --On Thursday, June 26, 2003 11:00 PM +0200 Pierre Burri
> >>
> >> <pierre@globeall.de> wrote:
> >> > Hi Kent,
> >> > I looked in your excellent Document OpenLDAP_TLS_howto, also because
> >> > Quanah  Gibson-Mount mentioned it.
> >> >
> >> > In Chapter 7 Using TLS you give the following example:
> >> >
> >> > ldapsearch -x -b 'dc=myserver,dc=com' -D
> >> > "cn=Manager,dc=myserver,dc=com" '(objectclass=*)' -H
> >> > ldaps://myserver.com -W -ZZ
> >> >
> >> > I thought TLS was working on port 389 and only SSL was using ldaps://
> >> > If that's true the command would be:
> >>
> >> Pierre, SSL and TLS are essentially the same thing.  OpenLDAP does
> >> SSL+TLS on port 389.  By specifying ldaps://, you request that it make
> >> an encrypted call to the OpenLDAP server, via SSL/TLS encryption.
> >>
> >> --Quanah
> >
> > I'm getting mixed up now...
> > on my test machine, with the combination -Z and -H ldaps://   I get the
> > following error message:
> > ldap_start_tls: Operation error (1)
> > 	additional info: TLS already started
> > ---
> > -Z and -h hostname or -H ldaps://hostname without -Z doesn't produce any
> > error  messages.
> >
> > we'll continue tomorrow, I have to go to bed  now
> > good night, Pierre
>
> Pierre,
>
> That is you can specify one OR the other, but not both, because they both
> do the same thing.
>
> I.e., either use -Z, or use ldaps://
>
> --Quanah
>
Quanah,
That's is exactly  what I thought but wasn't sure anymore after your previous 
email.
Cheers, Pierre