RE: TLS client certificate pb

[Francois Beretti <francois.beretti@enatel.com>]

Le mar 04/03/2003 à 14:15, Howard Chu a écrit :
> > I still haven't found how to have tls working with client certificate
> > verification...
> >
> > Is it required for this to use SASL EXTERNAL ?
> 
> Yes, you must have a client certificate to use SASL EXTERNAL with SSL/TLS.

Well, my question was : if I want to verify client certificate, must I
use SaSL EXTERNAL ? 
But English isn't my natural language, so I am not very clear, excuse me
:)

I ask this because I got a ssl handshake failure when I use a client
certificate that is valid (cf. previous posts).
But I aim to use SASL, so I can jump to this step. I just wanted to
understand all the openldap functionnalities by having tls working with
client certificates verification.

> 
> Read the F'ine manual already. http://www.openldap.org/doc/admin21/
> 
> Amazing, people complain that there's no documentation, and then when we take
> the time to write the docs nobody reads them. It all seems like wasted
> effort.
> 

Ok, I haven't seriously read the doc about sasl, so all apologies, in my
mail I have continued my talking about sasl and reached points that are
told about in the manual

All apologies, I use this doc a lot (for other functionnalities) and
really apreciate it


Francois Beretti


>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support