Re: SSL3 alert write:fatal:unknown CA
- To: OpenLDAP <openldap-software@OpenLDAP.org>
- Subject: Re: SSL3 alert write:fatal:unknown CA
- From: Pierre Burri <pierre@globeall.de>
- Date: Fri, 27 Jun 2003 00:06:23 +0200
- Content-disposition: inline
- In-reply-to: <4901658.1056638859@cadabra-dsl.stanford.edu>
- References: <OF13FB7FF1.9C9493C5-ON87256D51.005F8F6F-86256D51.005FE248@us.ibm .com> <200306262341.43228.pierre@globeall.de> <4901658.1056638859@cadabra-dsl.stanford.edu>
- User-agent: KMail/1.5
On Thursday, 26 June 2003 23:47 you wrote:
> --On Thursday, June 26, 2003 11:41 PM +0200 Pierre Burri
>
> <pierre@globeall.de> wrote:
> > On Thursday, 26 June 2003 23:27 you wrote:
> >> --On Thursday, June 26, 2003 11:00 PM +0200 Pierre Burri
> >>
> >> <pierre@globeall.de> wrote:
> >> > Hi Kent,
> >> > I looked in your excellent Document OpenLDAP_TLS_howto, also because
> >> > Quanah Gibson-Mount mentioned it.
> >> >
> >> > In Chapter 7 Using TLS you give the following example:
> >> >
> >> > ldapsearch -x -b 'dc=myserver,dc=com' -D
> >> > "cn=Manager,dc=myserver,dc=com" '(objectclass=*)' -H
> >> > ldaps://myserver.com -W -ZZ
> >> >
> >> > I thought TLS was working on port 389 and only SSL was using ldaps://
> >> > If that's true the command would be:
> >>
> >> Pierre, SSL and TLS are essentially the same thing. OpenLDAP does
> >> SSL+TLS on port 389. By specifying ldaps://, you request that it make
> >> an encrypted call to the OpenLDAP server, via SSL/TLS encryption.
> >>
> >> --Quanah
> >
> > I'm getting mixed up now...
> > on my test machine, with the combination -Z and -H ldaps:// I get the
> > following error message:
> > ldap_start_tls: Operation error (1)
> > additional info: TLS already started
> > ---
> > -Z and -h hostname or -H ldaps://hostname without -Z doesn't produce any
> > error messages.
> >
> > we'll continue tomorrow, I have to go to bed now
> > good night, Pierre
>
> Pierre,
>
> That is, you can specify one OR the other, but not both, because they both
> do the same thing.
>
> I.e., either use -Z, or use ldaps://
>
> --Quanah
>
Quanah,
That's exactly what I thought but wasn't sure anymore after your previous
email.
Cheers, Pierre
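
The rule the thread settles on (either `-Z`/`-ZZ` or an `ldaps://` URI, never both), as an added shell example that is not part of the original messages. The function name `ldap_tls_mode` and its output labels are made up for illustration; it assumes options are passed as separate words (no clustering such as `-xZZ`) and one URI per `-H`.

```sh
#!/bin/sh
# Added example: classify how an ldapsearch command line asks for TLS,
# and flag the -Z + ldaps:// combination that yields "TLS already started".
# Simplified parser (assumption): each option is its own word.

ldap_tls_mode() {
    starttls=0   # 0 = not requested, 1 = -Z (attempt), 2 = -ZZ (must succeed)
    ldaps=0      # 1 once a -H URI with the ldaps:// scheme is seen
    while [ $# -gt 0 ]; do
        case "$1" in
            -Z)   if [ "$starttls" -lt 2 ]; then starttls=$((starttls + 1)); fi ;;
            -ZZ)  starttls=2 ;;
            -H)   shift                       # URI is the next word
                  case "${1:-}" in ldaps://*) ldaps=1 ;; esac ;;
            -H?*) case "${1#-H}" in ldaps://*) ldaps=1 ;; esac ;;
            -b|-D|-h|-p|-w|-s) shift ;;       # skip this option's value
        esac
        if [ $# -gt 0 ]; then shift; fi
    done

    if [ "$ldaps" -eq 1 ] && [ "$starttls" -gt 0 ]; then
        echo conflict            # TLS is already up before StartTLS is sent
        return 1
    elif [ "$ldaps" -eq 1 ]; then
        echo ldaps
    elif [ "$starttls" -eq 2 ]; then
        echo starttls-required
    elif [ "$starttls" -eq 1 ]; then
        echo starttls
    else
        echo no-tls
    fi
}

# Constructed sample: the flags from the howto command quoted in the thread.
ldap_tls_mode -x -H ldaps://myserver.com -W -ZZ ||
    echo "use either -Z/-ZZ or ldaps://, not both" >&2
```

Of the valid modes, only `ldaps` and `starttls-required` guarantee the session is encrypted; plain `-Z` continues without TLS if the StartTLS operation fails.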