
Strange ssl certificate checking issue

Hello list.

That's not really an openldap issue, but I guess its developer knows openssl behaviour better than myself: how could a simple distribution-provided update of root certificates affect the way openldap uses my own root certificate?

Before the update, the root certificate is correctly read from /etc/pki/tls/rootcerts, as per openldap configuration (TLS_CACERTDIR variable). After the update, the root certificate is still read, but ignored, then looked for again in /etc/pki/tls/certs, triggering a failure if not also present/symlinked from there.

The only file change affecting the tool between the two scenarios, according to strace, is /etc/pki/tls/cert.pem, which doesn't contain anything useful in my case. Might a syntax error, or too large a size, trigger side effects?

Full traces available at
BOFH excuse #61:

not approved by the FCC