[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS client certificate pb

To: Liste OpenLDAP Software <openldap-software@OpenLDAP.org>
Subject: RE: TLS client certificate pb
From: Francois Beretti <francois.beretti@enatel.com>
Date: 05 Mar 2003 12:02:14 +0100
In-reply-to: <1046784913.812.39.camel@linux-integ>
References: <007a01c2e250$26c41180$0e01a8c0@CELLO> <1046784913.812.39.camel@linux-integ>

Le mar 04/03/2003 à 14:35, Francois Beretti a écrit :
> Le mar 04/03/2003 à 14:15, Howard Chu a écrit :
> > > I still haven't found how to have tls working with client certificate
> > > verification...
> > >
> > > Is it required for this to use SASL EXTERNAL ?
> > 
> > Yes, you must have a client certificate to use SASL EXTERNAL with SSL/TLS.
> 
> Well, my question was : if I want to verify client certificate, must I
> use SaSL EXTERNAL ? 
> But English isn't my natural language, so I am not very clear, excuse me
> :)
> 
> I ask this because I got a ssl handshake failure when I use a client
> certificate that is valid (cf. previous posts).
> But I aim to use SASL, so I can jump to this step. I just wanted to
> understand all the openldap functionnalities by having tls working with
> client certificates verification.

Ok, that's my fault, in .ldaprc the file path must be absolute.
Now client certificate verfification works perfectly, with 
TLSVerifyClient         demand
in slapd.conf

then I'm gonna fight with sasl external :)
and maybe ask a question or two after having read all the docs and
browse the archive :)
(and made use of my brain)

François

References:
- RE: TLS client certificate pb
  - From: "Howard Chu" <hyc@highlandsun.com>
- RE: TLS client certificate pb
  - From: Francois Beretti <francois.beretti@enatel.com>

Prev by Date: Re: Difference 2.1.x and 2.0.x
Next by Date: Re: Re: make test fails
Index(es):
- Chronological
- Thread