[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [GnuTLS][TLS init def ctx failed: -1]

To: Warren Howard <warren@madtechsupport.com>
Subject: Re: [GnuTLS][TLS init def ctx failed: -1]
From: Marco Pizzoli <marco.pizzoli@gmail.com>
Date: Sat, 2 Apr 2011 17:38:04 +0200
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=QiolP6de2dN1MaiR5cn63r9DbtSLtgppmzEweHdHM0M=; b=eowu2J3if/DaIDQk10kM9CpOFc2vYu+JiB78hvlEZ/yu5uJYfaPiWFKNBdFbB0Hq0m YrsYYn9viLVwaNVBWENsAoFbyJwRyiPAwRimZSmbqeLW6UiDMJvrnBqOZZ23oBm/ermE MKNQOfxonWAzJ/cPNwoR1E0Cpy0uZ5XUqRUDo=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=gvJtrsfZMGnlVsNri8I4PBqun1mGdcDV85Rc3X0aYHJTbJf6RqIbC9xk3gw1EXatu8 KFQR3154d72F5vlEl8tBocw3MHLYMNjw7cE61ygtxYb3VGH9ZAg9B784ZRDnwroHyqP0 iIvU+E+2YTaTp0WtFf/FomneCwTD/A7RTFLdY=
In-reply-to: <4D970F38.7020608@madtechsupport.com>
References: <4D970F38.7020608@madtechsupport.com>

On Sat, Apr 2, 2011 at 1:57 PM, Warren Howard <warren@madtechsupport.com> wrote:

Hi there,

I'm using:

slapd -V
@(#) $OpenLDAP: slapd 2.4.21 (Mar 30 2011 18:32:32) $
buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd

cat /etc/issue
Ubuntu 10.04.2 LTS \n \l

This is Ubuntu so openldap has been compiled with GnuTLS

ldd /usr/sbin/slapd
.
.
.
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb73a9000)
.
.
.

I've been following this guide https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html and the section on TLS works perfectly if I follow the instructions to the letter.

That is, so long as the locations of olcTLSCACertificateFile, olcTLSCertificate and olcTLSCertificateKeyFile are /etc/ssl/certs, /etc/ssl/certs and /etc/ssl/private respectively, then slapd will start. For example:

olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem
olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem

However, if I change the location of any of these files slapd will fail to start with the error "TLS init def ctx failed: -1".

Should anyone ask, yes I've doubled checked for correct file permissions and searched for typos. The names of the files does not matter, just their location.

These appears to be bug to me.

Regards,

Warren.

Hi,
check your AppArmor configuration. I had same problem some times ago.
You have to add that dirs to apparmor-slapd conf and reload app armor rules.

Hope this helps
Marco

--
_________________________________________
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison

Follow-Ups:
- Re: [GnuTLS][TLS init def ctx failed: -1]
  - From: Warren Howard <warren@madtechsupport.com>

References:
- [GnuTLS][TLS init def ctx failed: -1]
  - From: Warren Howard <warren@madtechsupport.com>

Prev by Date: [GnuTLS][TLS init def ctx failed: -1]
Next by Date: Re: [GnuTLS][TLS init def ctx failed: -1]
Index(es):
- Chronological
- Thread