
ssl negotiation and openldap



Hello,

I've recently had issues with a 3rd party Java client using JDK 1.4.x, trying to connect with ldaps:// to OpenLDAP 2.4.26, compiled with OpenSSL 1.0.0d.

It would appear that the client's JDK 1.4.x has a few harsh restrictions with regard to modulus size in certificates, even with all unrestricted "export" policies installed.

So I was wondering a few things:

1. Does OpenLDAP do anything with the CA certs, other than verify local or remote certificates, such as sending them over the SSL connection?
2. It's my understanding that in SSL negotiation, only server or client certificates are exchanged, and CA certs are not sent over the wire
   (as IMHO it would literally be a "trust" issue to do otherwise :).
3. Other than providing certificates / keys to the OpenSSL API, is there anything special that happens other than hand off to stock OpenSSL negotiation?

Trying to work out what is being sent to the client to trigger a "modulus size" error on the client, other than the client's inherent badness, which I cannot control :)

If 3. is no, then I'm open to any suggestions with regard to interesting or useful SSL negotiation documents out there that might shed some light.

Cheers
Brett

--
The only thing that interferes with my learning is my education.

Albert Einstein