Re: SASL External Mechanism
Fri, 02.01.2004 at 05.11, ms419@freezone.co.uk wrote:
> TLS certificate verification: depth: 0, err: -49, subject: -unknown-,
> issuer: -unknown-
> TLS certificate verification: Error, Unknown error
> TLS: can't accept.
> TLS: Error in the certificate. (null):0
> connection_read(13): TLS accept error error=-1 id=0, closing
> connection_closing: readying conn=0 sd=13 for close
> connection_close: conn=0 sd=13
>
> I've confirmed that "/etc/ldap/cert.pem" and "/etc/ldap/key.pem" are
> readable by the user, and that "/etc/ldap/cacert.pem" is world
> readable.
>
> Interestingly, I encounter exactly the same error if I omit
> "TLSCACertificateFile" altogether, or if I remove
> "/etc/ldap/cacert.pem".
>
> Additionally, the ca certificate used by the client is also
> "/etc/ldap/cacert.pem", and the certificate and key used by the server
> are likewise "/etc/ldap/cacert.pem". Why then, can the client verify
> the server, yet the server can't verify the client?
Dunno, but the issue is definitely here:
> TLS certificate verification: depth: 0, err: -49, subject: -unknown-,
> issuer: -unknown-
> TLS certificate verification: Error, Unknown error
> TLS: can't accept.
> TLS: Error in the certificate. (null):0
The cert doesn't seem to be being presented for some reason. I've never
used SASL external, so I've no experience.
--Tonni
--
mail: billy - at - billy.demon.nl
http://www.billy.demon.nl