[Date Prev][Date Next]
On Thu, 2004-10-21 at 17:37, Andreas wrote:
> On Thu, Oct 21, 2004 at 05:29:26PM +0100, Greg Matthews wrote:
> > Does anyone use TLS_CACERTDIR in their .ldaprc file?
> Have you created the symbolic links with the hashed form?
> Something like:
> f73e89fd.0 -> vsignss.pem
> ddc328ff.0 -> thawteCb.pem
> /usr/bin/c_rehash from openssl does this. It is necessary in order for the
> openssl library to find the right CA file in that dir.
aaaaaah.... <light comes on in a dark room>
not come across this before. Difficult to find any info on c_rehash too.
For the record:
creates these symbolic links in the ~/certs/ directory
lea gmatt $ ls -l certs/
lrwxrwxrwx 1 gmatt itss 13 2004-10-22 09:27 161b3e35.0 ->
lrwxrwxrwx 1 gmatt itss 12 2004-10-22 09:27 ac2be511.0 ->
lrwxrwxrwx 1 gmatt itss 18 2004-10-22 09:27 e593080d.0 ->
-rw-r--r-- 1 gmatt itss 1277 2004-06-30 09:57 myca-cert.pem
-rw-r--r-- 1 gmatt itss 1850 2004-10-05 16:43 RootCert.pem
-rw-r--r-- 1 gmatt itss 1277 2004-06-30 09:56 sidheanCA-cert.pem
Now ldapsearch and GQ are happy with all my CA certs.
Probably worth pointing out that su still segfaults even with these
links and TLS_CACERTDIR in the .ldaprc file, but that is a bug for a
different mailing list!
iTSS Wallingford 01491 692445