[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Start TLS extended request
"No client certificate CA names sent"
Using openssl s_client, I get this message, but the operation doesnt
terminate there. s_client verifies the server certificate using the CAPath
i've provided.
whereas through openldap i get the following message and the operation **terminates immediately**.
"TLS: could not load client CA list
(file:`',dir:`/net_home/skollipa/server/ssl/certs/')."
ldap_perror
ldap_simple_bind_s: Can't contact LDAP server
in both cases CAFile is absent and CADir is present with valid path.
Siva
On Fri, 23 Jan 2004, Kurt D. Zeilenga wrote:
> At 12:48 PM 1/23/2004, Siva Kollipara wrote:
> >I am confused coz "openssl s_client -connect localhost:636
> >-CApath=/valid/certs/dir" succeeds and everything works without
complaning
>
> try with -verify, try with both -CAfile, etc..
>
> The OpenLDAP configuration flags are, IIRC, passed in to the
> OpenSSL library, much like the openssl(1) does its command
> line flags. So, the behavior should be quite similar for
> equivalent flags.
>
> Kurt
>