Re: TLS fails
Kurt D. Zeilenga wrote:
At 03:41 PM 2/15/2006, Quanah Gibson-Mount wrote:
On Wednesday 15 February 2006 15:40, Jon Roberts wrote:
ldapsearch -ZZZ -h 171.67.16.11 uid=quanah uid
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Assuming the certificate doesn't list the
IP address 171.67.16.11 as an alternative subject
name (which ldapsearch(1) should check), correct.
But in the case of the OpenLDAP libraries, it would state explicitly
"hostname does not match". The above error message comes from the
OpenSSL library, meaning that there is something fundamentally wrong
with the certificate itself. Running with a higher debug level would be
more useful (or you could look up error code 14090086 in the OpenSSL
source).
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
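
The distinction drawn in the reply above, as an added example that is not part of the original thread: it unpacks the 8-hex-digit code from the error line and separates an OpenSSL chain-verification failure from a libldap name-check failure. It assumes the error-code packing used by OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason); the function names are hypothetical and the second sample is constructed.

```python
import re

# Assumption: pre-3.0 OpenSSL packing of the code printed after "error:".
ERR_LIB_SSL = 20                       # library number for "SSL routines"
SSL_R_CERTIFICATE_VERIFY_FAILED = 134  # reason "certificate verify failed"

ERR_LINE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")

def decode_code(hex_code):
    """Split a packed OpenSSL error code into library, function, reason."""
    code = int(hex_code, 16)
    return {"lib": (code >> 24) & 0xFF,
            "func": (code >> 12) & 0xFFF,
            "reason": code & 0xFFF}

def classify(output):
    """Say which layer rejected the certificate, given client output."""
    text = " ".join(output.split())  # undo line wrapping from mail/terminal
    # Phrase quoted in the reply as what the OpenLDAP libraries report.
    if "hostname does not match" in text.lower():
        return "libldap: name check failed"
    match = ERR_LINE.search(text)
    if match is None:
        return "unrecognised"
    fields = decode_code(match.group(1))
    if (fields["lib"] == ERR_LIB_SSL
            and fields["reason"] == SSL_R_CERTIFICATE_VERIFY_FAILED):
        return "openssl: chain verification failed"
    return "openssl: other error"

# Output as posted in the thread (wrapped as in the mail).
THREAD_OUTPUT = """ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"""

# Constructed sample of a name mismatch, for contrast.
CONSTRUCTED_MISMATCH = """ldap_start_tls: Connect error (-11)
additional info: TLS: hostname does not match CN in peer certificate"""

if __name__ == "__main__":
    print(decode_code("14090086"))
    print(classify(THREAD_OUTPUT))
    print(classify(CONSTRUCTED_MISMATCH))
```
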