[Date Prev][Date Next] [Chronological] [Thread] [Top]

Strange ssl certificate checking issue

To: openldap-software@openldap.org
Subject: Strange ssl certificate checking issue
From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Date: Mon, 08 Feb 2010 13:05:47 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.7) Gecko/20100122 Mandriva/3.0.1-2mdv2010.1 (2010.1) Thunderbird/3.0.1

Hello list.

That's not really an openldap issue, but I guess its developper knowsopenssl behaviour better then myself: how could a simpledistribution-provided update of root certificates affect the wayopenldap uses my own root certificate ?

Before the update, the root certificate is correctly read from/etc/pki/tls/rootcerts, as per openldap configuration (TLS_CACERTDIRvariable). After the update, the root certificate is still read, butignored, then looked for again in /etc/pki/tls/certs, triggering afailure if not also present/symlinked from there.

The only file change affecting the tool between the two scenarios,according to strace, is /etc/pki/tls/cert.pem, which doesn't containsanything useful in my case. May a syntax error, or a too large size,triggers side-effects ?


Full traces available at
https://qa.mandriva.com/show_bug.cgi?id=57512
--
BOFH excuse #61:

not approved by the FCC

Prev by Date: Re: simple bind with external Kerberos V password store
Next by Date: Re: searching for attributes without index in 2.4.19 with bdb 4.5
Index(es):
- Chronological
- Thread