[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS_CACERTDIR not working?

Just a reply not related to TLS_CACERTDIR, but to the cacert.pem file
pointed by TLS_CACERT directive containing two CA certs.

As advised by Howard and others, it is "stupid" to create more than one
CA cert per organization.

I have managed to use the ONE and ONLY ONE CA Cert created to sign
server certs for master and slave servers and this CACERT is working
fine for the ldap client when master is down, and the slave takes over.

Gary

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Tay, Gary
Sent: Friday, October 22, 2004 9:27 AM
To: gmatt@nerc.ac.uk; openldap
Subject: RE: TLS_CACERTDIR not working?


I had the same experience with 2.2.13/RedHat EL3 and Solaris9, I was
using pem format also, that was why I had worked around it by using
TLS_CACERT and putting all CA certs in one file.

I could be missing something if this is not a bug.

I am now using 2.2.17 but did not try to use TLS_CACERTDIR again.

Gary

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Greg Matthews
Sent: Friday, October 22, 2004 12:29 AM
To: openldap
Subject: TLS_CACERTDIR


Does anyone use TLS_CACERTDIR in their .ldaprc file?

I can't get this to work with ldapsearch. If I use TLS_CACERT and put
all the CA certificates in one file then it will work. If I use both
options su(1) segfaults!

using 2.2.17 ldapsearch and various versions of slapd. It seems to be on
the client side tho as it doesnt recognise the CA, so I surmise it is
not parsing the files in TLS_CACERTDIR correctly. Should these be
something other than pem format?

I can live with it but its still a bug no?

GREG
-- 
Greg Matthews
iTSS Wallingford	01491 692445