[Date Prev][Date Next]
Re: SSL problem with self-compiled client
At 11:50 PM 4/27/2005, firstname.lastname@example.org wrote:
>so I think that the certificates are right.
You should use OpenSSL s_client/s_server to confirm that
the certificates are right. If s_client/s_server don't
work, then it nearly certain that OpenLDAP won't work.
If s_client/s_server do work, then OpenLDAP should work
through TLS negotiation (e.g., up to the point where
OpenLDAP performs LDAP-specific certificate checks).
And, after you get OpenLDAP s_client/s_server working,
you should also use -ZZ instead of -Z to ensure the
client fails when Start TLS fails.