
(ITS#5567) v2.4.10 + gnutls: unable to get TLS client DN, works with openssl



Full_Name: Tiziano Müller
Version: 2.4.10
OS: Gentoo Linux 2008.0
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (212.126.163.234)


I've generated certificates for the server and a client using my own CA.
The following works:
* client checks server certificate
* server checks client certificate

Nevertheless, the following kept appearing in the log:
2008-06-18T13:49:13.135510+02:00 localhost slapd[1771]: connection_read(14):
unable to get TLS client DN, error=-4 id=1

And I was therefore not able to use SASL/EXTERNAL.

When I rebuilt OpenLDAP with OpenSSL instead of GnuTLS it suddenly worked (while
not changing anything else).

The certificates have been generated using OpenSSL (even though this shouldn't
matter).