Re: (ITS#4082) TLS broken in OPENLDAP_REL_ENG_2_3_10?
Kurt D. Zeilenga wrote:
> I have reproduced this problem with a CA-less configuration.
> The minimum configuration of TLS with X.509 based cipher suites,
> I believe, is a server certificate and corresponding key file.
> No CA file/directory is required.
>
Hm... Sounds right.
> Of course, if you use non-X.509 cipher suites, why would any
> X.509 stuff be needed?
>
Good question. You're suggesting we should have left well enough alone
and revert ITS#4072?
> Kurt
>
> At 10:04 AM 10/12/2005, hyc@symas.com wrote:
>
>> kevins@bmrb.co.uk wrote:
>>
>>> On Wed, 2005-10-12 at 08:23 -0700, Kurt D. Zeilenga wrote:
>>>
>>>
>>>> Should be fixed in HEAD and OPENLDAP_REL_ENG_2_3.
>>>> Please test.
>>>>
>>>>
>>>>
>>> Well,
>>>
>>> slapd -u ldap -g ldap -h "ldap:// ldaps://"
>>>
>>> Does now start.
>>>
>>> However,
>>>
>>> ldapsearch -ZZ still fails with
>>>
>>> ldap_start_tls: Connect error (-11)
>>>
>>> This does work on 2.2.19. The ldap.conf file is the same as being used
>>> for 2.2.18 and the slapd.conf is the same except for the schema defs
>>> (different location, some had changed), the modulepath (obvious reasons)
>>> and the location of the database files. In particular my TLS lines are
>>> identical so I am using the same cert and key files.
>>>
>> HEAD/RE23 works for me. Run ldapsearch with -d7 and/or slapd with -d7
>> and see what problems are encountered.
>>
>> --
>> -- Howard Chu
>> Chief Architect, Symas Corp. http://www.symas.com
>> Director, Highland Sun http://highlandsun.com/hyc
>> OpenLDAP Core Team http://www.openldap.org/project/
>>
>
>
>
>
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/