[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL3 alert write:fatal:unknown CA

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: Re: SSL3 alert write:fatal:unknown CA
From: Kent Soper <dksoper@us.ibm.com>
Date: Thu, 26 Jun 2003 17:20:14 -0500
Cc: OpenLDAP <openldap-software@OpenLDAP.org>, owner-openldap-software@OpenLDAP.org, Pierre Burri <pierre@globeall.de>

Quanah wrote:

>> ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
>> '(objectclass=*)' -H ldaps://myserver.com -W -ZZ
> ...
>But, you could have it be ldaps:// and get rid of the -ZZ.

Yep, that's right.

These are the two styles used for encrypted traffic:
TLS ==> ldap://   with  -ZZ option (if ldap_start_tls_s() not called in the
client app)
SSL ==> ldaps://   (no -ZZ)

Combining ldaps://  and -ZZ is like trying to start an already running car
and getting that nice grinding sound.  The server won't accept the
connection.

But the example in Chapter 7 of the doc is about TLS specifically after
much of the doc has discusssed SSL.  So I should change it to the TLS style
in the next draft.  Thanks for the comments!

Cheers,
Kent Soper

"You don't stop playing because you grow old ...
       you grow old because you stop playing."

Linux Technology Center, Linux Security
phone: 1-512-838-9216
e-mail:  dksoper@us.ibm.com

Prev by Date: Re: SSL3 alert write:fatal:unknown CA
Next by Date: Re: ACL/ACI && SASL
Index(es):
- Chronological
- Thread