[Date Prev][Date Next]
Re: (ITS#4082) TLS broken in OPENLDAP_REL_ENG_2_3_10?
I have reproduced this problem with a CA-less configuration.
The minimum configuration of TLS with X.509 based cipher suites,
I believe, is a server certificate and corresponding key file.
No CA file/directory is required.
Of course, if you non-X.509 cipher suites, why would any
X.509 stuff be needed?
At 10:04 AM 10/12/2005, email@example.com wrote:
>> On Wed, 2005-10-12 at 08:23 -0700, Kurt D. Zeilenga wrote:
>>> Should be fixed in HEAD and OPENLDAP_REL_ENG_2_3.
>>> Please test.
>> slapd -u ldap -g ldap -h "ldap:// ldaps://"
>> Does now start.
>> ldapsearch -ZZ still fails with
>> ldap_start_tls: Connect error (-11)
>> This does work on 2.2.19. The ldap.conf file is the same as being used
>> for 2.2.18 and the slapd.conf is the same except for the schema defs
>> (different location, some had changed), the modulepath (obvious reasons)
>> and the location of the database files. In particular my TLS lines are
>> identical so I am using the same cert and key files.
>HEAD/RE23 works for me. Run ldapsearch with -d7 and/or slapd with -d7
>and see what problems are encountered.
> -- Howard Chu
> Chief Architect, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc
> OpenLDAP Core Team http://www.openldap.org/project/