
OpenSSL clients connect over TLS, GnuTLS clients cannot.


I'm having a problem getting TLS connections working properly when
clients of the server are built against GnuTLS.  When clients are built
against OpenSSL, TLS connections work properly.

If OpenLDAP is built against GnuTLS, TLS connections fail with this
error (some debug included):

TLS: peer cert untrusted or revoked (0x42)
ldap_start_tls: Connect error (-11)

For testing, I've tried the following setups.  Each uses the same
GnuTLS (client) -> GnuTLS (server) = failure
OpenSSL (client) -> GnuTLS (server) = success
GnuTLS (client) -> OpenSSL (server) = failure
OpenSSL (client) -> OpenSSL (server) = success

Also, I have used GnuTLS's testing tools (gnutls-serv and gnutls-cli) to
verify that GnuTLS is working properly with the certificate.
# server: certificate goes to --x509certfile, private key to --x509keyfile
gnutls-serv \
        --x509certfile /etc/ssl/my_ssl/server.crt \
        --x509keyfile /etc/ssl/my_ssl/server.key
# client: verify the server against the system CA bundle on gnutls-serv's default port
gnutls-cli \
        --x509cafile /etc/ssl/certs/ca-certificates.crt \
        -p 5556 \

GnuTLS output:
- Peer's certificate is trusted
- Version: TLS1.1
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- Compression: NULL
- Handshake was completed

Versions used:
GnuTLS 2.2.1
OpenSSL 0.9.8c
OpenLDAP 2.4.9

Does anyone have any ideas what's going on, or any idea how to
troubleshoot this further?

Is this something that should go to the openldap-bugs mailing list?

Thank you.