(ITS#5749) client didn't send its own certificate to the server

Full_Name: Gabor Mayer
Version: 2.4.11
OS: debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

I discovered it when I turned on peer verification on the server side.

I'm using the following configuration on the client side:


BASE    dc=example,dc=org
URI     ldaps://ldap.example.org

TLS_CACERT      /etc/ldap/server.crt


TLS_CERT /etc/ldap/client.crt
TLS_KEY /etc/ldap/client.key

I tried TLS_CERT & TLS_KEY in ldap.conf and in .ldaprc without success.

I tested it with ldapsearch -x and I got the following debug message on the server
when TLSVerifyClient was turned on:

TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2455

I captured the TCP flow on the client side and I saw the server's certificate only.
The client didn't send its own certificate to the server!
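
One check worth running on a client set up like this, as an added example that is not part of the original report or of OpenLDAP: ldap.conf(5) documents TLS_CERT and TLS_KEY as user-only options, so they take effect from a user file such as .ldaprc and not from the system-wide ldap.conf. The function names, the /etc/ldap/ldap.conf path and the sample file contents are assumptions constructed for illustration.

```python
# Added example, not OpenLDAP code. Per ldap.conf(5), TLS_CERT and TLS_KEY are
# user-only options: honoured in ldaprc/.ldaprc, not in the system ldap.conf.
USER_ONLY = {"TLS_CERT", "TLS_KEY"}


def parse_ldap_conf(text):
    """Return [(OPTION, value)] from ldap.conf-style text, skipping comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        entries.append((parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""))
    return entries


def effective_options(files):
    """files: [(path, is_user_file, text)] in load order; later files win.
    Returns (effective options dict, list of warning strings)."""
    effective, warnings = {}, []
    for path, is_user_file, text in files:
        for option, value in parse_ldap_conf(text):
            if option in USER_ONLY and not is_user_file:
                warnings.append(f"{path}: {option} ignored (user-only option)")
                continue
            effective[option] = value
    missing = [o for o in sorted(USER_ONLY) if o not in effective]
    if missing:
        warnings.append("client certificate/key not configured: " + ", ".join(missing))
    return effective, warnings


# Constructed sample input modelled on the configuration in the report.
SYSTEM_CONF = """\
BASE    dc=example,dc=org
URI     ldaps://ldap.example.org
TLS_CACERT      /etc/ldap/server.crt
TLS_CERT /etc/ldap/client.crt
TLS_KEY /etc/ldap/client.key
"""
USER_RC = "TLS_CERT /etc/ldap/client.crt\nTLS_KEY /etc/ldap/client.key\n"

if __name__ == "__main__":
    system = ("/etc/ldap/ldap.conf", False, SYSTEM_CONF)  # assumed Debian path
    for label, files in (("ldap.conf only", [system]),
                         ("ldap.conf + ~/.ldaprc", [system, ("~/.ldaprc", True, USER_RC)])):
        options, warnings = effective_options(files)
        print(label, "->", {k: options.get(k) for k in sorted(USER_ONLY)})
        for warning in warnings:
            print("  warning:", warning)
```

A clean result here only rules out the file-scope problem; it does not check that the certificate and key are readable or that the server accepts the certificate's issuer.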