
Re: Start TLS extended request

"No client certificate CA names sent"
Using openssl s_client, I get this message, but the operation doesn't
terminate there. s_client verifies the server certificate using the CAPath
I've provided.

Whereas through OpenLDAP I get the following message and the operation **terminates immediately**.
"TLS: could not load client CA list
ldap_simple_bind_s: Can't contact LDAP server"

In both cases CAFile is absent and CADir is present with a valid path.


On Fri, 23 Jan 2004, Kurt D. Zeilenga wrote:

> At 12:48 PM 1/23/2004, Siva Kollipara wrote:
> >I am confused coz "openssl s_client -connect localhost:636
> >-CApath=/valid/certs/dir" succeeds and everything works without
> try with -verify, try with both -CAfile, etc..
> The OpenLDAP configuration flags are, IIRC, passed in to the
> OpenSSL library, much like the openssl(1) does its command
> line flags.  So, the behavior should be quite similar for
> equivalent flags.
> Kurt