[Pkg-openldap-devel] problem with verifying server-certificate
Quanah Gibson-Mount
quanah at stanford.edu
Thu Aug 17 18:47:25 UTC 2006
--On Thursday, August 17, 2006 1:38 PM +0200 t.becker at fh-bingen.de wrote:
> So I think I can use TLS, but I can not verify the certificate of the
> server via port 389. Have you hints or a solution for me to enable this
> feature? I will use the ability to verify the certificates of the clients
> in the future...but first this has to run. I searched the web for about
> 5 days now and can not find a thing that gets me further..
Hm, I should have read this last bit a little closer.
Port 389 is using TLS, which means a START TLS command has to be sent after
the connection is made. I don't think you can set openssl's s_client to do
this, but I certainly expect you to get the error you are seeing, because
TLS hasn't been negotiated yet. I'm not sure why tls_checkpeer is failing
in the pam code, but I'd guess that is a pam side problem.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
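
The sequence described in the reply above, as an added example (not part of the original message and not OpenLDAP code): a client connects to port 389 in the clear, sends the LDAP StartTLS extended request, and only then starts the TLS handshake with certificate and hostname verification. The function names, the `cafile` argument and the sample response bytes are assumptions constructed for illustration.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)
# Constructed sample: ExtendedResponse, messageID 1, resultCode 0 (success).
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")

def tlv(tag, payload):
    """Short-form BER tag-length-value; enough for these small messages."""
    if len(payload) > 127:
        raise ValueError("long-form BER lengths not handled in this sketch")
    return bytes([tag, len(payload)]) + payload

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); reject truncated or long-form input."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated or unsupported BER element")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def starttls_result(resp):
    """resultCode of an ExtendedResponse [APPLICATION 24]; 0 means TLS may start."""
    tag, body, _ = read_tlv(resp, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(body, 0)            # skip messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = read_tlv(op, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def connect_verified(host, cafile, port=389):
    """Plain TCP, then StartTLS, then a TLS handshake that checks the server certificate."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    sock = socket.create_connection((host, port), timeout=10)
    sock.sendall(starttls_request())
    # A single recv is assumed to hold the whole (tiny) response.
    if starttls_result(sock.recv(4096)) != 0:
        sock.close()
        raise ConnectionError("server refused StartTLS")
    return ctx.wrap_socket(sock, server_hostname=host)  # raises on a bad certificate
```

A TLS handshake sent to port 389 without the StartTLS exchange first is read by the server as LDAP protocol data, so no certificate is presented at that point.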