Re: TLS issue (again)

Hi Oliver.

OpenLDAP with NSS. What version? Is that Fedora?

> $ ldapsearch -ZZ -D uid=guillard,ou=staff,ou=people,dc=example,dc=fr
> -W uid=guillard -h ldap2.th3.example.fr
> ldap_start_tls: Connect error (-11)
> 	additional info: TLS error -8172:Unknown code ___f 20

SEC_ERROR_UNTRUSTED_ISSUER (Peer's certificate issuer has been
marked as not trusted by the user.)
> olcTLSCACertificateFile  /etc/openldap/cacerts/CA.crt
> olcTLSCertificateFile /etc/openldap/cacerts/server.crt
> olcTLSCertificateKeyFile /etc/openldap/cacerts/server.key
> olcTLSCipherSuite HIGH

> TLS: error: accept - force handshake failure: errno 11 - moznss error
> -12195
> TLS: can't accept: TLS error -12195:Unknown code ___P 93.

SSL_ERROR_UNKNOWN_CA_ALERT (Peer does not recognize and trust the CA
that issued your certificate.)

> ...

"openssl x509 -in yourcert.pem -text" gives me:

unable to load certificate
139832255481664:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
139832255481664:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306:
139832255481664:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_VAL
139832255481664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=validity, Type=X509_CINF
139832255481664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=cert_info, Type=X509
139832255481664:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
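The OpenSSL output above fails at the first ASN.1 header of the validity field: "header too long" means a DER tag/length header promises more bytes than remain in the enclosing element, which is what a corrupted or mis-assembled PEM file looks like. The following is an added example, not code from the thread or from OpenSSL: a minimal DER walker in standard-library Python that decodes a PEM block and reports the path of the element whose header overruns its parent. The sample blob is a constructed, certificate-shaped skeleton (not a real certificate), and the corruption (one length byte overwritten) is constructed to reproduce that failure.

```python
import base64
import binascii
import re

# Added example (not from the mailing-list thread): a minimal DER tag/length
# walker that locates the element at which a certificate stops parsing.

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def pem_to_der(text):
    """Extract the first PEM block and base64-decode it to DER bytes."""
    m = PEM_RE.search(text)
    if m is None:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(2).split()))


def read_header(buf, pos, end, path):
    """Decode one DER tag/length header inside buf[pos:end].

    Returns (tag, constructed, length, body_start); raises ValueError when
    the header is truncated or its length overruns the enclosing element.
    """
    if pos + 2 > end:
        raise ValueError(f"{path}: truncated header at offset {pos}")
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form: 0x8N then N length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError(f"{path}: bad long-form length at offset {pos - 1}")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError(
            f"{path}: header too long: length {length} exceeds "
            f"{end - pos} bytes remaining at offset {pos}")
    return tag, bool(tag & 0x20), length, pos


def walk(buf, start=0, end=None, prefix=(), nodes=None):
    """Decode every TLV in preorder, returning [(path, tag, length), ...]."""
    if end is None:
        end = len(buf)
    if nodes is None:
        nodes = []
    pos, child = start, 0
    while pos < end:
        path = ".".join(str(i) for i in prefix + (child,))
        tag, constructed, length, body = read_header(buf, pos, end, path)
        nodes.append((path, tag, length))
        if constructed:                   # SEQUENCE, SET, explicit tags: recurse
            walk(buf, body, body + length, prefix + (child,), nodes)
        pos = body + length
        child += 1
    return nodes


def diagnose(pem_text):
    """Return ("ok", node_count) or ("error", message) for a PEM blob."""
    try:
        return "ok", len(walk(pem_to_der(pem_text)))
    except (ValueError, binascii.Error) as e:
        return "error", str(e)


def _tlv(tag, body):
    """Short-form DER encoder for the constructed sample (bodies < 128 bytes)."""
    return bytes([tag, len(body)]) + body


# Constructed sample: a certificate-shaped skeleton, not a real certificate.
_VALIDITY = _tlv(0x30, _tlv(0x17, b"230101000000Z") + _tlv(0x17, b"240101000000Z"))
_TBS = _tlv(0x30, _tlv(0x02, b"\x01") + _VALIDITY)
_SIGALG = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + _tlv(0x05, b""))
GOOD_DER = _tlv(0x30, _TBS + _SIGALG + _tlv(0x03, b"\x00\xab\xcd"))

# Corrupt the validity SEQUENCE's length byte (offset 8) to 0x7F: the header
# now promises 127 bytes where only 30 remain inside the TBS element.
_bad = bytearray(GOOD_DER)
_bad[8] = 0x7F
BAD_DER = bytes(_bad)


def to_pem(der):
    """Wrap DER bytes in a CERTIFICATE PEM block, 64 characters per line."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


GOOD_PEM = to_pem(GOOD_DER)
BAD_PEM = to_pem(BAD_DER)

if __name__ == "__main__":
    print(diagnose(GOOD_PEM))   # ('ok', 10)
    print(diagnose(BAD_PEM))    # ('error', '0.0.1: header too long: ...')
```

Point the script at a real file with `diagnose(open(path).read())`: a path such as `0.0.1` (third child of the TBS, where the validity SEQUENCE sits in a real certificate it would be `0.0.4`) tells you which element's length byte is wrong, which is usually a sign the file was edited by hand, concatenated without a trailing newline, or contains a key rather than a certificate.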