Strange ssl certificate checking issue
- To: firstname.lastname@example.org
- Subject: Strange ssl certificate checking issue
- From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
- Date: Mon, 08 Feb 2010 13:05:47 +0100
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:18.104.22.168) Gecko/20100122 Mandriva/3.0.1-2mdv2010.1 (2010.1) Thunderbird/3.0.1
That's not really an openldap issue, but I guess its developer knows
openssl behaviour better than myself: how could a simple
distribution-provided update of root certificates affect the way
openldap uses my own root certificate?

Before the update, the root certificate is correctly read from
/etc/pki/tls/rootcerts, as per openldap configuration (TLS_CACERTDIR
variable). After the update, the root certificate is still read, but
ignored, then looked for again in /etc/pki/tls/certs, triggering a
failure if not also present/symlinked from there.

The only file change affecting the tool between the two scenarios,
according to strace, is /etc/pki/tls/cert.pem, which doesn't contain
anything useful in my case. Might a syntax error, or too large a size,
trigger side effects?

Full traces available at
BOFH excuse #61:
not approved by the FCC