[Date Prev][Date Next]
Re: problems on EAGAIN? (was: TLS connect from remote host to slapd hangs)
Rainer Clasen wrote:
> Rainer Clasen wrote:
> > I can access this slapd fine from the server itself. But when I try to
> > contact the new slave from *anywhere* else the connection hangs during
> > the initial SSL phase.
> I've run the server under strace. slapd starts sending the CA
> certificates and after several successfull write()s one call to write()
> returns EAGAIN. Up to then the client received some certificates and
> then blocks.
after figuring out, that slapd picks the CAPath from ldap.conf in
addition to a CAFile in slapd.conf I was able to workaround this problem
by limiting the set of CA certificates the server knows to a small
KeyID=759975BD fingerprint=887A 4BE3 6AB7 EE3C 4AE0 B0E1 0556 E25A 7599 75BD