
OpenSSL clients connect over TLS, GnuTLS clients cannot.



Hello,

I'm having a problem getting TLS connections working properly when
clients of the server are built against GnuTLS.  When clients are built
against OpenSSL, TLS connections work properly.

If OpenLDAP is built against GnuTLS, TLS connections fail with this
error (some debug included):

TLS: peer cert untrusted or revoked (0x42)
ldap_err2string
ldap_start_tls: Connect error (-11)


For testing, I've tried the following setups.  Each uses the same
configuration:
GnuTLS (client) -> GnuTLS (server) = failure
OpenSSL (client) -> GnuTLS (server) = success
GnuTLS (client) -> OpenSSL (server) = failure
OpenSSL (client) -> OpenSSL (server) = success


Also, I have used GnuTLS's testing tools (gnutls-serv and gnutls-cli) to
verify that GnuTLS is working properly with the certificate.
gnutls-serv \
        --x509certfile /etc/ssl/my_ssl/server.crt \
        --x509keyfile /etc/ssl/my_ssl/server.key
gnutls-cli \
        --x509cafile /etc/ssl/certs/ca-certificates.crt \
        -p 5556 \
        ldapserver.mydomain.com

GnuTLS output:
- Peer's certificate is trusted
- Version: TLS1.1
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed


Versions used:
GnuTLS 2.2.1
OpenSSL 0.9.8c
OpenLDAP 2.4.9

Does anyone have any ideas what's going on, or any idea how to
troubleshoot this further?

Is this something that should go to the openldap-bugs mailing list?

Thank you.
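One thing worth checking on the client side, as an added example that is not part of the original mail: which trust-anchor directive the client's ldap.conf uses. The check below assumes the ldap.conf(5) behaviour that TLS_CACERTDIR is honoured only by an OpenSSL-built libldap and is ignored when libldap is built against GnuTLS, while TLS_CACERT (a single PEM bundle such as the ca-certificates.crt passed to gnutls-cli above) is used by both backends. A client configured only with TLS_CACERTDIR would then verify the server with OpenSSL and report the peer certificate as untrusted with GnuTLS, even though gnutls-cli with an explicit --x509cafile succeeds. The sample config files are constructed for the example; the helper names are my own.

```shell
#!/bin/sh
# Added example, not code from the original mail or from OpenLDAP.
# Assumption (from ldap.conf(5)): TLS_CACERTDIR is ignored by a GnuTLS-built
# libldap, so a GnuTLS client needs TLS_CACERT pointing at a PEM bundle.

# Print the value of a directive (case-insensitive, first match), or nothing.
ldap_conf_get() {
    # $1 = config file, $2 = directive name
    awk -v key="$2" 'toupper($1) == key { print $2; exit }' "$1"
}

# Classify the trust configuration from a GnuTLS client's point of view.
# Output: "ok" (TLS_CACERT set), "cacertdir-only" (works with OpenSSL only),
# or "no-trust-anchor" (neither directive present).
check_tls_trust_config() {
    cacert=$(ldap_conf_get "$1" TLS_CACERT)
    cacertdir=$(ldap_conf_get "$1" TLS_CACERTDIR)
    if [ -n "$cacert" ]; then
        echo ok
    elif [ -n "$cacertdir" ]; then
        echo cacertdir-only
    else
        echo no-trust-anchor
    fi
}

# Constructed sample configs (not real files from the mail).
tmp=${TMPDIR:-/tmp}/ldapconf.$$
mkdir -p "$tmp"
cat > "$tmp/dir-only.conf" <<'EOF'
# Trust anchor given only as a hashed directory.
TLS_CACERTDIR /etc/ssl/certs
TLS_REQCERT demand
EOF
cat > "$tmp/bundle.conf" <<'EOF'
# Trust anchor given as a single PEM bundle, usable by both backends.
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT demand
EOF

for f in "$tmp/dir-only.conf" "$tmp/bundle.conf"; do
    printf '%s: %s\n' "$f" "$(check_tls_trust_config "$f")"
done
```

Run it against the real /etc/ldap/ldap.conf (or the ~/.ldaprc of the user running the client) by calling `check_tls_trust_config /etc/ldap/ldap.conf`; a result of "cacertdir-only" on a GnuTLS-built client is the first thing to change before digging into slapd.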