Re: TLS_CACERTDIR
On Thu, 2004-10-21 at 17:37, Andreas wrote:
> On Thu, Oct 21, 2004 at 05:29:26PM +0100, Greg Matthews wrote:
> > Does anyone use TLS_CACERTDIR in their .ldaprc file?
> >
> Have you created the symbolic links with the hashed form?
> Something like:
> f73e89fd.0 -> vsignss.pem
> ddc328ff.0 -> thawteCb.pem
> (...)
>
> /usr/bin/c_rehash from openssl does this. It is necessary in order for the
> openssl library to find the right CA file in that dir.
aaaaaah.... <light comes on in a dark room>
not come across this before. Difficult to find any info on c_rehash too.
For the record:
/usr/bin/c_rehash ~/certs/
creates these symbolic links in the ~/certs/ directory
lea gmatt $ ls -l certs/
total 9
lrwxrwxrwx 1 gmatt itss 13 2004-10-22 09:27 161b3e35.0 -> myca-cert.pem
lrwxrwxrwx 1 gmatt itss 12 2004-10-22 09:27 ac2be511.0 -> RootCert.pem
lrwxrwxrwx 1 gmatt itss 18 2004-10-22 09:27 e593080d.0 -> sidheanCA-cert.pem
-rw-r--r-- 1 gmatt itss 1277 2004-06-30 09:57 myca-cert.pem
-rw-r--r-- 1 gmatt itss 1850 2004-10-05 16:43 RootCert.pem
-rw-r--r-- 1 gmatt itss 1277 2004-06-30 09:56 sidheanCA-cert.pem
Now ldapsearch and GQ are happy with all my CA certs.
Probably worth pointing out that su still segfaults even with these
links and TLS_CACERTDIR in the .ldaprc file, but that is a bug for a
different mailing list!
thanks
GREG
--
Greg Matthews
iTSS Wallingford 01491 692445
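
The hashed-link layout discussed in this message, as an added example that is not part of the original post and is not the c_rehash script itself: a minimal shell function that builds the <subject-hash>.N links a TLS_CACERTDIR directory needs, skipping non-certificates and duplicates. The name rehash_dir is hypothetical; the link names it produces depend on the installed OpenSSL, since OpenSSL 1.0.0 changed the subject hash algorithm, so they will differ from the 2004 listing above.

```sh
#!/bin/sh
# Added example. rehash_dir is a hypothetical helper that mirrors what
# c_rehash does for CA certificates: one "<subject-hash>.N" symlink per cert.
rehash_dir() {
    dir=$1
    # Drop stale hash links (names like 161b3e35.0) so removed CAs do not linger.
    for link in "$dir"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
        if [ -L "$link" ]; then rm -f "$link"; fi
    done
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        # Files that do not parse as an X.509 certificate get no link.
        h=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || continue
        fp=$(openssl x509 -noout -fingerprint -in "$cert")
        n=0
        # Two different CAs can share a subject hash: take the next free suffix.
        while [ -e "$dir/$h.$n" ]; do
            other=$(openssl x509 -noout -fingerprint -in "$dir/$h.$n" 2>/dev/null) || other=
            # Same fingerprint means the same certificate is already linked.
            [ "$other" = "$fp" ] && continue 2
            n=$((n + 1))
        done
        # Relative target, so the directory can be moved or copied as a unit.
        ln -s "$(basename "$cert")" "$dir/$h.$n"
    done
}
```

Run it as `rehash_dir ~/certs` after adding or removing a CA file; a CA that was deleted from the directory loses its link on the next run, so it stops being trusted by clients that use TLS_CACERTDIR.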