
Re: Start TLS extended request



"No client certificate CA names sent"
Using openssl s_client, I get this message, but the operation doesn't
terminate there. s_client verifies the server certificate using the CAPath
I've provided.

Whereas through OpenLDAP I get the following message and the operation **terminates immediately**.
"TLS: could not load client CA list
(file:`',dir:`/net_home/skollipa/server/ssl/certs/')."
ldap_perror
ldap_simple_bind_s: Can't contact LDAP server

In both cases CAFile is absent and CADir is present with a valid path.

Siva

On Fri, 23 Jan 2004, Kurt D. Zeilenga wrote:

> At 12:48 PM 1/23/2004, Siva Kollipara wrote:
> >I am confused coz "openssl s_client -connect localhost:636
> >-CApath=/valid/certs/dir" succeeds and everything works without
> >complaining
>
> try with -verify, try with both -CAfile, etc..
>
> The OpenLDAP configuration flags are, IIRC, passed in to the
> OpenSSL library, much like the openssl(1) does its command
> line flags.  So, the behavior should be quite similar for
> equivalent flags.
>
> Kurt
>