[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4082) TLS broken in OPENLDAP_REL_ENG_2_3_10?

I have reproduced this problem with a CA-less configuration.
The minimum configuration of TLS with X.509 based cipher suites,
I believe, is a server certificate and corresponding key file.
No CA file/directory is required.

Of course, if you non-X.509 cipher suites, why would any
X.509 stuff be needed?


At 10:04 AM 10/12/2005, hyc@symas.com wrote:
>kevins@bmrb.co.uk wrote:
>> On Wed, 2005-10-12 at 08:23 -0700, Kurt D. Zeilenga wrote:
>>> Should be fixed in HEAD and OPENLDAP_REL_ENG_2_3.
>>> Please test.
>> Well,
>> slapd -u ldap -g ldap -h "ldap:// ldaps://"
>> Does now start.
>> However,
>> ldapsearch -ZZ still fails with 
>> ldap_start_tls: Connect error (-11)
>> This does work on 2.2.19.  The ldap.conf file is the same as being used
>> for 2.2.18 and the slapd.conf is the same except for the schema defs
>> (different location, some had changed), the modulepath (obvious reasons)
>> and the location of the database files.  In particular my TLS lines are
>> identical so I am using the same cert and key files.
>HEAD/RE23 works for me. Run ldapsearch with -d7 and/or slapd with -d7 
>and see what problems are encountered.
>  -- Howard Chu
>  Chief Architect, Symas Corp.  http://www.symas.com
>  Director, Highland Sun        http://highlandsun.com/hyc
>  OpenLDAP Core Team            http://www.openldap.org/project/