Issue with Openldap 2.1.12 and SSL/TLS



People,

I've been using SSL/TLS with the same CA, public and private key
certificates since 2.1.4.

Recently I installed 2.1.12/Cyrus SASL 2.1.10 over Openldap 2.1.10/Cyrus
SASL 2.1.10, kept slapd.conf and ldap.conf as they were and suddenly
found that Openldap clients (ldapsearch et al) are failing with error 19
"Self signed certificate". Up to and including 2.1.10 there was no
problem. Both 18 and 19 results were accepted.

In fact, I have CA-signed slapd public and private keys; I have what
Andrew Finlay calls community-signed certs, my own CA. The subject of
the server public key is the fqdn of my machine, the issuer is a
different fqdn. Both the subject and the issuer of the CA certificate
are the same. All services and clients are run internally, on the
machine itself.

The strange thing is, that other clients such as pam_ldap and nss_ldap
based clients (sshd, ftpd, imapd etc) work fine when connecting to the
SSL port, 636 or when using TLS on port 389. So does my smtp server,
Exim 4.12, that uses ldaps. Only the Openldap clients - *and* GQ are
failing at the moment. 

Anyone any idea why?

Best,

Tony

-- 

Tony Earnshaw

"Can anyone define 'modern enclitic
mediocrity' in terms of the Euro for me?"
- Billy the (Norwegian-Dutch) Cat, Feb '03

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
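Added example, not part of Tony's post or of OpenLDAP: a shell script that rebuilds the setup he describes (a self-signed private CA, and a server certificate whose subject is the server fqdn and whose issuer is the CA) and runs `openssl verify` against it to show where results 18 and 19 come from. It assumes the openssl CLI is installed; the file names and CNs are constructed.

```shell
#!/bin/sh
# Added example: reproduce OpenSSL verify results 18 and 19 with a
# constructed private CA and a CA-signed server cert, then show that
# handing the verifier the CA file as a trust anchor makes the same
# chain verify cleanly. Assumes the openssl CLI; names are made up.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_certs() {
  # Self-signed CA: subject and issuer are the same, as in the post.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=ca.example.test" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
  # Server cert: subject is the server fqdn, issuer is the CA.
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=ldap.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
  openssl x509 -req -days 1 -in "$WORK/server.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/server.pem" >/dev/null 2>&1
}

# Print the X509 verify error number openssl reports, or OK.
# Output lines look like "error 19 at 1 depth lookup: ..." on failure.
verify_code() {
  out=$(openssl verify "$@" 2>&1 || true)
  code=$(printf '%s\n' "$out" \
    | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  if [ -n "$code" ]; then printf '%s\n' "$code"; else printf 'OK\n'; fi
}

make_certs
# 18: the certificate being checked is itself self-signed and untrusted.
code18=$(verify_code "$WORK/ca.pem")
# 19: the chain reaches a self-signed CA that is not in the trust store,
# which is what a client sees when the server sends its CA along and the
# client has no trust anchor for it.
code19=$(verify_code -untrusted "$WORK/ca.pem" "$WORK/server.pem")
# OK: the same chain, with the CA file supplied as a trust anchor.
code_ok=$(verify_code -CAfile "$WORK/ca.pem" "$WORK/server.pem")
echo "ca alone: $code18  chain without anchor: $code19  with anchor: $code_ok"
```

The practical check this suggests for a client that reports 19 is whether it has been told where the CA certificate lives; for OpenLDAP's own clients that is the TLS_CACERT directive in ldap.conf.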