[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL problem with self-compiled client

To: stieler@gdsys.de
Subject: Re: SSL problem with self-compiled client
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 28 Apr 2005 15:47:22 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <DIIE.00000C2D0007BD69@gdproxy2.gdsys.de>
References: <DIIE.00000C2D0007BD69@gdproxy2.gdsys.de>

At 11:50 PM 4/27/2005, stieler@gdsys.de wrote:
>so I think that the certificates are right. 

You should use OpenSSL s_client/s_server to confirm that
the certificates are right.  If s_client/s_server don't
work, then it nearly certain that OpenLDAP won't work.
If s_client/s_server do work, then OpenLDAP should work
through TLS negotiation (e.g., up to the point where
OpenLDAP performs LDAP-specific certificate checks).

And, after you get OpenLDAP s_client/s_server working,
you should also use -ZZ instead of -Z to ensure the
client fails when Start TLS fails.

Kurt

References:
- SSL problem with self-compiled client
  - From: stieler@gdsys.de

Prev by Date: Re: Entries in LDAP dir seem to sporadically become unreadable
Next by Date: slapcat and monitor backend
Index(es):
- Chronological
- Thread