[Pkg-openldap-devel] problem with verifying server-certificate

t.becker at fh-bingen.de t.becker at fh-bingen.de
Thu Aug 17 21:47:36 UTC 2006


Quoting Quanah Gibson-Mount <quanah at stanford.edu>:

>
>
> --On Thursday, August 17, 2006 1:38 PM +0200 t.becker at fh-bingen.de wrote:
>
> > So I think I can use TLS, but I can not verify the certificate of the
> > server via port 389. Have you hints or a solution for me to enable this
> > feature? I will use the ability to verify the certificates of the clients
> > in the future...but first this has to run. I searched the web for about
> > 5 days now and can not find a thing that gets me further..
>
> Hm, I should have read this last bit a little closer.
>
> Port 389 is using TLS, which means a START TLS command has to be sent after
> the connection is made.  I don't think you can set openssl's s_client to do
> this, but I certainly expect you to get the error you are seeing, because
> TLS hasn't been negotiated yet.  I'm not sure why tls_checkpeer is failing
> in the pam code, but I'd guess that is a pam side problem.
>
> --Quanah
>
Thank you. I will have a closer look and some more tests with my pam settings.
I found a book that describes the error I got with openssl s_client and port
389. This can't do it.

Torsten
>
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITS/Shared Application Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>
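
The sequence described in the quoted reply for port 389 (plain connection, StartTLS request, then the TLS handshake with the server certificate checked), as an added example that is not part of the original thread. The function names are hypothetical, and the host name and CA file are whatever the caller supplies.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

def _tlv(tag, payload):
    return bytes([tag, len(payload)]) + payload  # short-form length, payload < 128 bytes

def _read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, end offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }"""
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x77, _tlv(0x80, STARTTLS_OID)))

def extended_result_code(message):
    """Return resultCode of an ExtendedResponse ([APPLICATION 24]); 0 means success."""
    _, body, _ = _read_tlv(message, 0)  # outer LDAPMessage SEQUENCE
    _, _, pos = _read_tlv(body, 0)      # skip messageID
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x78 or op[:2] != b"\x0a\x01":  # ENUMERATED resultCode, one octet
        raise ValueError("not an ExtendedResponse")
    return op[2]

def _recv_message(sock):
    """Read from the socket until one complete LDAPMessage has arrived."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("connection closed before StartTLS response")
        buf += chunk
        if len(buf) >= 2 and (end := _read_tlv(buf, 0)[2]) <= len(buf):
            return buf[:end]

def verified_starttls(host, ca_file, port=389, timeout=10):
    """Assumed inputs: host and ca_file come from the caller, not from the thread."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        sock.sendall(starttls_request())  # sent in clear, before any TLS record
        code = extended_result_code(_recv_message(sock))
        if code != 0:
            raise ConnectionError(f"server refused StartTLS, resultCode={code}")
        return ctx.wrap_socket(sock, server_hostname=host)  # handshake starts only now
    except Exception:
        sock.close()
        raise
```

A TLS ClientHello sent to port 389 without the StartTLS exchange first is read by the server as LDAP, so no handshake or certificate verification takes place.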







