[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS fails

To: openldap-technical@openldap.org
Subject: Re: TLS fails
From: Frederik Bosch <frederik.bosch@gmail.com>
Date: Wed, 01 Sep 2010 10:23:08 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=1m4FiILqNuHyq3M1Bj1VkOAjXJ07tpiQ+YRaAA7Apj8=; b=uUkNGGdR9ezu6947P8zaSkNNQHdtXaB/pmqpNGWDwI58BFrJ4ie3/A6m/1FHqLaOWa xg/dGOJkR1iPQQAoi8pbIZzHakxWeQJjTbPSwMrWevdLPePqp6iHhfkt7T8OLbHeKzKv pjXzYgQe2t9xxJWXALRLcCzQUBsOz0d6eFst8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=PKyB2chJMcg0eupBIEa7GvBveeLuaxq5sBJhj5n++XEydintd/NULKtMqtq5q1Vzn3 98lLxk/FIxxxUfBO2vkmtkpafpp43D+eYapaAFxuccLgdqlyx/2zhooBTHHASjOZ65Nb +LFkDTUlPjW8OzTqBYxT2qNxVHhNPE5Qcxflc=
In-reply-to: <4C7CD64F.7080405@gmail.com>
References: <4C7CC5CC.3030200@gmail.com> <4C7CD64F.7080405@gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.11) Gecko/20100713 Thunderbird/3.0.6

Compiling 2.4.17 with OpenSSL was more succesful than on 2.4.11. I thinkthat's a Debian issue. Anyway, I have my server up and running! Thanks alot Dieter for answering all my questions.

But I have a minor question left. Each time I restart slapd I have toenter the PEM pass phrase. Is there a way to remember or not prompt forthe passphrase?





On 08/31/2010 12:15 PM, Frederik Bosch wrote:

In that case. I'd go for recompiling with openssl. I already tried, but
that gave me following error.

Could not locate TLS/SSL package.

Of course, I also googled that. I think I need to point where to find
the OpenSSL library.

dpkg -L openssl says

/usr/lib/ssl
/usr/lib/ssl/misc
/usr/lib/ssl/misc/c_info
/usr/lib/ssl/misc/CA.sh
/usr/lib/ssl/misc/c_hash
/usr/lib/ssl/misc/c_name
/usr/lib/ssl/misc/c_issuer
/usr/lib/ssl/misc/CA.pl

So I tried to do

env CPPFLAGS="-I/usr/lib/ssl" LDFLAGS="-L/usr/lib/ssl"

before configure but no success. By the way, this is first time I try to
compile something and I do it with debuild -us -uc.




On 08/31/2010 11:05 AM, Frederik Bosch wrote:

After getting my ACL right (thanks Dieter!), I have problems installing
an official certificate. I bought a certificate at RapidSSL. Starting
slapd gives me the following error.

TLS init def ctx failed: -69

This error is thrown in openldap 2.4.17. Since I am on debian, slapd is
compiled against GnuTLS. When I was using 2.4.11 I had another error:

TLS init def ctx failed: -207

When I had a self-signed certificate I had no trouble. What could be
wrong?

Follow-Ups:
- Re: TLS fails
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Password history configuration for ldap users.
Next by Date: RE: Getting Solaris to use Openldap
Index(es):
- Chronological
- Thread