
Re: TLS_CACERTDIR



On Thu, Oct 21, 2004 at 05:29:26PM +0100, Greg Matthews wrote:
> Does anyone use TLS_CACERTDIR in their .ldaprc file?
> 
> I can't get this to work with ldapsearch. If I use TLS_CACERT and put
> all the CA certificates in one file then it will work. If I use both
> options su(1) segfaults!
> 
> Using 2.2.17 ldapsearch and various versions of slapd. It seems to be on
> the client side though, as it doesn't recognise the CA, so I surmise it is
> not parsing the files in TLS_CACERTDIR correctly. Should these be
> something other than pem format?

Have you created the symbolic links with the hashed form?
Something like:
f73e89fd.0 -> vsignss.pem
ddc328ff.0 -> thawteCb.pem
(...)

/usr/bin/c_rehash from openssl does this. It is necessary in order for the
openssl library to find the right CA file in that dir.
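
An added example, not part of the original message and not the c_rehash script itself: a shell function that builds the hashed links described above for the `*.pem` certificates in a CA directory, including the `.0`, `.1` suffix handling when two CAs share a hash. The function name `rehash_cadir` and the `OPENSSL` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: create the <subject-hash>.<n> links OpenSSL looks up in a CA directory.
# rehash_cadir and the OPENSSL override are hypothetical names, not part of OpenSSL.
# Usage: rehash_cadir /path/to/cacertdir
rehash_cadir() {
    dir=$1
    # Use the openssl matching the library the LDAP client links against:
    # the subject-hash algorithm differs between OpenSSL versions.
    ossl=${OPENSSL:-openssl}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # Drop old hash links first, so a CA file removed from the directory
    # does not stay reachable through a dangling or stale link.
    for link in "$dir"/*; do
        [ -L "$link" ] || continue
        case ${link##*/} in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                rm -f "$link" ;;
        esac
    done

    count=0
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        # x509 -hash prints the subject-name hash used for directory lookups.
        subj_hash=$("$ossl" x509 -hash -noout -in "$cert" 2>/dev/null) || {
            echo "skipping (no PEM certificate): $cert" >&2
            continue
        }
        # Two CAs can share a hash; OpenSSL then tries .0, .1, .2 in turn.
        n=0
        while [ -e "$dir/$subj_hash.$n" ] || [ -L "$dir/$subj_hash.$n" ]; do
            n=$((n + 1))
        done
        ln -s "${cert##*/}" "$dir/$subj_hash.$n"
        count=$((count + 1))
    done
    echo "$count"   # number of links created
}
```

Files that do not parse as a PEM certificate are reported on stderr and get no link, which is a quick way to spot a file in TLS_CACERTDIR that the library would never load.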