Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch

[Fabian Steiner <lists@fabis-site.net>]

Howard Chu wrote:
> Fabian Steiner wrote:
> > Of course, I don't want to hijack the OP's thread but as our problems
> > seem to be rather similar I can also provide the corresponding slapd log:
>
> This looks like a simple configuration error; you have slapd configured to
> require client certificates and the client didn't send one. Either you need
> to configure the client with a certificate, or you need to relax the
> requirement on the server.
> [...]

In fact, this was also our first assumption after having analyzed the output 
for the very first time but due to our configuration this should't happen:

[...]
TLSCertificateFile      /etc/ssl-certs/ldap.crt
TLSCertificateKeyFile   /etc/ssl-certs/ldap.key
TLSCACertificateFile    /etc/ssl-certs/ca.crt
TLSVerifyClient never
[...]

Moreover, this wouldn't explain why it /does/ work for some time (as far as 
our case is concerned it works as long as slapd isn't restarted). Once the 
problem has occured the server has to be rebooted in order to ensure a 
working setup again :-(

Thanks,
Fabian