[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tls key exchange

To: openldap-software@OpenLDAP.org
Subject: Re: tls key exchange
From: "Thomas Berg" <Thomas.Berg1@gmx.de>
Date: Thu, 24 Jun 2004 15:47:46 +0200 (MEST)
Cc: Buchan Milne <bgmilne@obsidian.co.za>
References: <40DAD6EE.5060407@obsidian.co.za>

> | How can I get the hostname or maybe hostnames onto the cert? I was never
> | asked for it while generating the cert with CA.pl/openssl!
> |
> 
> I mean the Subject's CN should be the hostname you are trying to connect
> to. Never used CA.pl before, but it is usually the only critical
> parameter ...

Which line is it in the openssl.cnf? And how do you create your server cert?

> Well, it still seems to be using a client cert, which is unnecessary.

> | .....
> | TLS trace: SSL_accept:error in SSLv3 read client certificate A
> | TLS trace: SSL_accept:error in SSLv3 read client certificate A
> | .....
> | connection_read(12): unable to get TLS client DN error=49 id=0
> | .....
> | TLS trace: SSL3 alert read:warning:close notify
> | .....

I didn't tell it to use a client cert. In this szenario I didn't even create
any client cert. What option is it in the config files?

Can you tell me your way to configure your ldap server to to things like
those I want it to do?

Thomas

-- 
+++ Jetzt WLAN-Router für alle DSL-Einsteiger und Wechsler +++
GMX DSL-Powertarife zudem 3 Monate gratis* http://www.gmx.net/dsl

References:
- Re: tls key exchange
  - From: Buchan Milne <bgmilne@obsidian.co.za>

Prev by Date: Re: tls key exchange
Next by Date: Re: ACL OK in 2.0/2.1 not OK in 2.2
Index(es):
- Chronological
- Thread