On a client I run the ldapmodify command with -ZZ specified and get the following:
ldap_start_tls: Success
additional info: error: 24064064: random number generator: SSLEAY_RAND_BYTES:PRNG not seeded
So, I seeded /.rnd with openssl's -rand switch and the server stopped complaining, but the client ldapmodify command still gives the error above. I tried running EGD and setting TLS_RANDFILE to /.gnupg/entropy (where EGD likes to put it) - no joy. Still, the server does not complain, but the client where I run ldapmodify still gives the error. I tried various other things to get rid of this error, but to no avail. The server log shows this:
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=9
connection_read(9): checking for input on id=9
tls_read: want=5, got=0
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
connection_read(9): TLS accept error error=-1 id=9, closing
connection_closing: readying conn=9 sd=9 for close
connection_close: conn=9 sd=9
Thinking there might be something wrong with my certificate, I generated a new one using standard openssl procedures. Still no good. Do I have a certificate problem? Or, do I need to run EGD on the client machine? Or what?