
ssl and openldap



Hey list,

Since my last posts I have made progress with the Netscape browser (it's
OK now). Anyhow, let's forget about Apache and this matter and keep
focused on SSL and OpenLDAP.

After having redone my CA configuration I tried again to get SSL
working for OpenLDAP, but no success so far.

Starting OpenLDAP (slapd -d 7) I had the following:

...
...
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5, got=5
  0000:  15 03 01 00 02                                     .....
tls_read: want=2, got=2
  0000:  02 33                                              .3
TLS trace: SSL3 alert read:fatal:decrypt error
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt
error /usr/src/lib/libssl/ssl/../src/ssl/s3_pkt.c:1052
connection_read(12): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=12 for close
connection_close: conn=1 sd=12

The program I used to try connecting was ldapsearch; its output was:

etosha$ ldapsearch -ZZ -x
ldap_start_tls: Connect error (-11)
        additional info: error:0D0890A1:asn1 encoding
routines:ASN1_verify:unknown message digest algorithm
etosha$

Does anybody have any idea about what is going on?

My slapd.conf is:

TLSCACertificateFile    /var/ca1/crt/ca.crt
TLSCertificateFile      /var/ca1/crt/ldap.crt
TLSCertificateKeyFile   /var/ca1/pvt/ldap.key
TLSVerifyClient         never

My ldap.conf is:
TLS_CACERT      /var/ca1/crt/ca.crt

Thanks a lot for your time and cooperation.

Best regards.
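The server's "decrypt error" alert and the client's "ASN1_verify:unknown message digest algorithm" both come from the client side of the handshake, where ldapsearch checks the server certificate against the file named in TLS_CACERT; ASN1_verify raises exactly that message when the OpenSSL it links against cannot find the digest named in the certificate's signature algorithm. The script below is an added example, not part of the original post, showing the checks worth running before touching slapd: which signature algorithm the server certificate carries, whether the CA file's subject is the server certificate's issuer, and whether the chain verifies at all. It builds a throwaway CA, a server certificate signed by it, and an unrelated CA (all constructed in a temp directory, standing in for the poster's /var/ca1 files) so it runs offline; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Checks a server certificate
# against the CA file a client would trust via TLS_CACERT / TLSCACertificateFile.
# All key material is constructed in a temp dir; paths are hypothetical.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal req config so the CA cert gets CA:TRUE regardless of the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
EOF

# --- constructed test material: the "right" CA, a server cert it signed,
#     and an unrelated CA that simulates a wrong TLS_CACERT ---
openssl req -config "$WORK/req.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" -subj "/CN=Example Test CA" >/dev/null 2>&1
openssl req -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
    -keyout "$WORK/ldap.key" -out "$WORK/ldap.csr" -subj "/CN=ldap.example.test" >/dev/null 2>&1
openssl x509 -req -days 1 -in "$WORK/ldap.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -out "$WORK/ldap.crt" >/dev/null 2>&1
openssl req -config "$WORK/req.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/other-ca.key" -out "$WORK/other-ca.crt" -subj "/CN=Unrelated CA" >/dev/null 2>&1

# Signature algorithm named in the certificate, e.g. "sha256WithRSAEncryption".
# A client whose OpenSSL cannot resolve this digest fails in ASN1_verify.
sig_alg() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Is the CA file's subject the server certificate's issuer? Prints yes/no.
# Arguments: CA file, server certificate.
issuer_matches() {
    ca_subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^[^=]*=//')
    cert_issuer=$(openssl x509 -in "$2" -noout -issuer -nameopt RFC2253 | sed 's/^[^=]*=//')
    if [ "$ca_subject" = "$cert_issuer" ]; then echo yes; else echo no; fi
}

# Full chain verification against the CA file, the same check the client
# performs during the handshake. Prints yes/no rather than aborting under set -e.
chain_ok() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo yes; else echo no; fi
}

# Stand-alone run: report on the constructed material.
echo "server cert signature algorithm: $(sig_alg "$WORK/ldap.crt")"
echo "CA subject == cert issuer:       $(issuer_matches "$WORK/ca.crt" "$WORK/ldap.crt")"
echo "chain verifies with right CA:    $(chain_ok "$WORK/ca.crt" "$WORK/ldap.crt")"
echo "chain verifies with wrong CA:    $(chain_ok "$WORK/other-ca.crt" "$WORK/ldap.crt")"
```

Run against real files, the same three functions take the paths from slapd.conf and ldap.conf (the CA file from TLSCACertificateFile or TLS_CACERT and the certificate from TLSCertificateFile). If `chain_ok` prints `no` the CA file does not match the issuer or the chain is otherwise broken; if it prints `yes` but ldapsearch still reports the ASN1_verify error, the digest named by `sig_alg` is one the client's OpenSSL library cannot resolve, which points at the client's library rather than at slapd.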