
Re: SSL problem with self-compiled client



At 11:50 PM 4/27/2005, stieler@gdsys.de wrote:
>so I think that the certificates are right. 

You should use OpenSSL s_client/s_server to confirm that
the certificates are right.  If s_client/s_server don't
work, then it is nearly certain that OpenLDAP won't work.
If s_client/s_server do work, then OpenLDAP should work
through TLS negotiation (e.g., up to the point where
OpenLDAP performs LDAP-specific certificate checks).

And, after you get OpenLDAP s_client/s_server working,
you should also use -ZZ instead of -Z to ensure the
client fails when Start TLS fails.

Kurt
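
The s_client/s_server check suggested in the reply above, as an added example that is not part of the original message: it serves a constructed self-signed certificate with `openssl s_server` on loopback and confirms that `openssl s_client` accepts it only when the matching CA file is supplied. The port number, file names and function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: throwaway self-signed certificates, loopback only.
PORT=14433   # assumed free local port (not from the thread)

# Succeeds only if the chain served on host:port verifies against cafile.
# Host name matching is not tested here; that belongs to the LDAP-specific
# checks OpenLDAP performs after the handshake.
tls_chain_ok() {   # usage: tls_chain_ok host port cafile
    openssl s_client -connect "$1:$2" -CAfile "$3" -verify_return_error \
        </dev/null 2>/dev/null | grep -q 'Verify return code: 0 (ok)'
}

make_cert() {      # usage: make_cert path-prefix common-name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}

run_demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir/server" localhost || return 1
    make_cert "$dir/other" unrelated || return 1
    # -www answers over the socket and never reads the terminal.
    openssl s_server -accept "$PORT" -www -cert "$dir/server.pem" \
        -key "$dir/server.key" >/dev/null 2>&1 &
    srv=$!
    trusted=failed
    untrusted=rejected
    for i in 1 2 3 4 5 6 7 8 9 10; do      # wait for the listener
        if tls_chain_ok 127.0.0.1 "$PORT" "$dir/server.pem"; then
            trusted=ok
            break
        fi
        sleep 1
    done
    # A client trusting a different certificate must refuse the same server.
    if tls_chain_ok 127.0.0.1 "$PORT" "$dir/other.pem"; then
        untrusted=accepted
    fi
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"
    echo "trusted=$trusted untrusted=$untrusted"
}
```

Calling `run_demo` prints one summary line; against a real directory server, `tls_chain_ok` can be pointed at its TLS port with the CA file the LDAP client is configured to use.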