
Re: Problems with TLS on OpenBSD



"Heiner Ohm" <ho@risks.de> writes:

> Hello,
>
> I have a big problem with OpenLDAP 2.2.15 and TLS. I compiled it on an OpenBSD
> 3.5 machine with
[...]
> Everything works, TLS...
>
> I created a self-signed certificate (which works fine with other software),
> and added the lines
>
> TLSCertificateFile /etc/openldap/server.pem
> TLSCertificateKeyFile /etc/openldap/server.pem
> TLSVerifyClient never
>
> in my slapd.conf. The slapd starts without problems and works fine with
> non-ssl connections but when I try to use TLS the following debug message
> appears (slapd -u slapd -g slapd -d 256):
>
> conn=1 fd=15 ACCEPT from IP=10.10.10.1:33552 (IP=0.0.0.0:389)
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> /usr/src/lib/libssl/ssl/../src/ssl/s3_pkt.c:1052
> conn=1 fd=15 closed
>
>
> Does anyone know where my failure is?

Your client seems not to be able to verify the certificate, thus unknown
ca. For more information: 
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

-Dieter
-- 
Dieter Klünter | Systemberatung
Tel: +49.40.64861967
Fax: +49.40.64891521
Key ID: 9B13A25650EF4335
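
The log line quoted above can be decoded to show that the alert came from the client side. The following is an added example, not part of the original thread or of OpenLDAP; it assumes the error-code packing used by OpenSSL releases before 3.0 (lib, func, reason) and the function names decode and triage are made up for illustration.

```python
import re

# Assumption: OpenSSL before 3.0 packs an error code as
# lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 0x14
# SSL-library reasons above this offset are TLS alerts received from the
# peer: reason = 1000 + alert description number (RFC 5246, section 7.2).
SSL_AD_REASON_OFFSET = 1000
# Certificate-related alert descriptions (subset).
ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode(code_hex):
    """Split a packed OpenSSL error code into lib, func, reason and alert."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason,
            "alert": alert, "alert_name": ALERTS.get(alert)}

def triage(log_text):
    """Return one finding per OpenSSL error line in a slapd debug log."""
    findings = []
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if m:
            d = decode(m.group(1))
            # An alert means the remote end (here the LDAP client) rejected
            # the handshake; slapd only reports what it was told.
            d["sent_by_peer"] = d["alert"] is not None
            findings.append(d)
    return findings

# Log lines copied from the message above.
SAMPLE = """conn=1 fd=15 ACCEPT from IP=10.10.10.1:33552 (IP=0.0.0.0:389)
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
conn=1 fd=15 closed"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Reason 1048 is alert 48 (unknown_ca) received by slapd, which matches the reply: the client could not verify the self-signed certificate.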