Problems with TLS on OpenBSD
Hello,
I have a big problem with OpenLDAP 2.2.15 and TLS. I compiled it on an OpenBSD
3.5 machine with
> CPPFLAGS=-I/usr/local/include/db4/ LDFLAGS=-L/usr/local/lib/db4 \
    ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin \
    --libexecdir=/usr/libexec --datadir=/usr/share --sysconfdir=/etc \
    --localstatedir=/var --libdir=/usr/lib --includedir=/usr/include \
    --enable-syslog --enable-ipv6 --with-tls --enable-slapd --enable-bdb
> make depend
> make
> make install
Everything works, TLS...
I created a self-signed certificate (which works fine with other software),
and added the lines
TLSCertificateFile /etc/openldap/server.pem
TLSCertificateKeyFile /etc/openldap/server.pem
TLSVerifyClient never
in my slapd.conf. The slapd starts without problems and works fine with
non-SSL connections, but when I try to use TLS the following debug message
appears (slapd -u slapd -g slapd -d 256):
conn=1 fd=15 ACCEPT from IP=10.10.10.1:33552 (IP=0.0.0.0:389)
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
/usr/src/lib/libssl/ssl/../src/ssl/s3_pkt.c:1052
conn=1 fd=15 closed
Does anyone know where my failure is?
Regards,
Heiner Ohm
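
Added example, not part of the original post: a small decoder for the OpenSSL error line in the debug output above, showing that code 14094418 is a fatal TLS alert received from the connecting client (unknown_ca), which is what a client sends when it cannot chain the server certificate to a CA it trusts. It assumes the pre-3.0 OpenSSL error-code packing; the function and variable names are hypothetical.

```python
import re

# Pre-3.0 OpenSSL packs an error code as: library (8 bits) | function (12 bits) | reason (12 bits).
ERR_LIB_SSL = 20              # 0x14, the "SSL routines" library
SSL_AD_REASON_OFFSET = 1000   # SSL reasons at or above this are alerts received from the peer

# TLS alert descriptions a peer sends when it rejects a certificate (RFC 5246, section 7.2).
CERT_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode_openssl_error(line):
    """Return the decoded fields of an OpenSSL error line, or None if there is no error code."""
    match = ERROR_RE.search(line)
    if match is None:
        return None
    code = int(match.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    from_peer = lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET
    alert_number = reason - SSL_AD_REASON_OFFSET if from_peer else None
    return {
        "lib": lib, "func": func, "reason": reason,
        "alert_from_peer": from_peer,
        "alert": CERT_ALERTS.get(alert_number, alert_number),
    }

# The slapd debug lines from the post (the wrapped error line is joined back into one).
LOG = [
    "conn=1 fd=15 ACCEPT from IP=10.10.10.1:33552 (IP=0.0.0.0:389)",
    "TLS: can't accept.",
    "TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca "
    "/usr/src/lib/libssl/ssl/../src/ssl/s3_pkt.c:1052",
    "conn=1 fd=15 closed",
]

if __name__ == "__main__":
    for line in LOG:
        decoded = decode_openssl_error(line)
        if decoded and decoded["alert_from_peer"]:
            print("peer sent TLS alert:", decoded["alert"])
```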