Re: SASL External Mechanism



Fri, 02.01.2004 at 05:11, ms419@freezone.co.uk wrote:

> TLS certificate verification: depth: 0, err: -49, subject: -unknown-,  
> issuer: -unknown-
> TLS certificate verification: Error, Unknown error
> TLS: can't accept.
> TLS: Error in the certificate. (null):0
> connection_read(13): TLS accept error error=-1 id=0, closing
> connection_closing: readying conn=0 sd=13 for close
> connection_close: conn=0 sd=13
> 
> I've confirmed that "/etc/ldap/cert.pem" and "/etc/ldap/key.pem" are  
> readable by the user, and that "/etc/ldap/cacert.pem" is world  
> readable.
> 
> Interestingly, I encounter exactly the same error if I omit  
> "TLSCACertificateFile" altogether, or if I remove  
> "/etc/ldap/cacert.pem".
> 
> Additionally, the ca certificate used by the client is also  
> "/etc/ldap/cacert.pem", and the certificate and key used by the server  
> are likewise "/etc/ldap/cacert.pem". Why then, can the client verify  
> the server, yet the server can't verify the client?

Dunno, but the issue is definitely here:

> TLS certificate verification: depth: 0, err: -49, subject: -unknown-,
> issuer: -unknown-
> TLS certificate verification: Error, Unknown error
> TLS: can't accept.
> TLS: Error in the certificate. (null):0

The cert doesn't seem to be being presented for some reason. I've never
used SASL external, so I've no experience.

--Tonni

-- 
mail: billy - at - billy.demon.nl
http://www.billy.demon.nl