[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS verify errors

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>, User1001 <supraexpress@globaleyes.net>
Subject: Re: TLS verify errors
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Thu, 16 Aug 2007 10:08:39 -0700
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <hbf.20070816uzsl@bombur.uio.no>
References: <9B07DB76E347F080E954C777@deus-ex.zimbra.com> <hbf.20070816uzsl@bombur.uio.no>

--On Thursday, August 16, 2007 2:42 PM +0200 Hallvard B Furuseth <h.b.furuseth@usit.uio.no> wrote:

Quanah Gibson-Mount writes:

TLS_CACERT /opt/zimbra/conf/ca/ca.pem
(...)
If I change it to TLS_CACERTDIR and adjust to a path, (...)


If I remember correctly TLS_CACERTDIR needs to be set up with some
OpenSSL magic, it's not just a directory into which you can drop
certificate files.  Maybe the reverse is true as well, and a cert
from a TLS_CACERTDIR does not work in TLS_CACERT.

Thank you both for your responses. Interestingly enough, slapd will start, and STARTTLS will work, if I create the hash and use TLSCACERTDIR.

However, why won't it work if I use TLS_CACERT <file> ? It should be perfectly valid, and that actually works for me on every other platform I use (Linux). The only one where this doesn't work is on MAC OS X. Must be a Mac specific bug I guess.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: TLS verify errors
  - From: User1001 <supraexpress@globaleyes.net>

References:
- TLS verify errors
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: TLS verify errors
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: High availability
Next by Date: access permissions
Index(es):
- Chronological
- Thread