[Pkg-openldap-devel] Bug#502547: Bug#502547: libldap-2.4-2: client libldap doesn't send TLS certificate

Quanah Gibson-Mount quanah at zimbra.com
Fri Oct 17 16:36:12 UTC 2008


--On Friday, October 17, 2008 6:21 PM +0200 Mayer Gabor 
<bugs at shiva.hostoffice.hu> wrote:

> Package: libldap-2.4-2
> Version: 2.4.11-1
> Severity: normal
>
> server slapd.conf:
> TLSCACertificateFile /etc/ldap/server.crt
> TLSCertificateFile /etc/ldap/server.crt
> TLSCertificateKeyFile /etc/ldap/server.key
> TLSVerifyClient true
>
> client ldap.conf:
> BASE dc=example,dc=org
> URI ldaps://ldap.example.org
> TLS_CACERT /etc/ldap/server.crt
> TLS_CERT /etc/ldap/server.crt
> TLS_KEY /etc/ldap/server.key
>
> client log:
> ldapsearch -d 255 -x
> TLS: can't connect: A TLS fatal alert has been received..
> ldap_err2string
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> server log:
> TLS trace: SSL3 alert write:fatal:handshake failure
> TLS trace: SSL_accept:error in SSLv3 read client certificate B
> TLS: can't accept.
> TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
> return a certificate s3_srvr.c:2455

So you attempted to connect to a server that it couldn't contact, and that 
server didn't return a cert (since it can't be contacted).  What exactly is 
the bug here?

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
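An added check, not part of this thread or of OpenLDAP itself, that parses the client ldap.conf quoted in the report and lists the configuration problems that produce exactly this server-side "peer did not return a certificate" handshake failure. It relies on ldap.conf(5) documenting TLS_CERT and TLS_KEY as user-only options, which are ignored when placed in the system-wide ldap.conf; the file-existence check is injectable so the example runs without the real files.

```python
"""Offline sanity check for an OpenLDAP client TLS configuration.
Flags what makes slapd (with TLSVerifyClient set) abort the handshake with
"peer did not return a certificate": TLS_CERT without TLS_KEY (or vice versa),
missing files, and TLS_CERT/TLS_KEY placed in the system-wide ldap.conf, where
ldap.conf(5) documents them as user-only options that are silently ignored.
"""
import os
USER_ONLY = {"TLS_CERT", "TLS_KEY"}  # honored only in ~/.ldaprc, ./ldaprc or $LDAPRC

# Client configuration quoted from the bug report above.
CLIENT_CONF = """\
BASE dc=example,dc=org
URI ldaps://ldap.example.org
TLS_CACERT /etc/ldap/server.crt
TLS_CERT /etc/ldap/server.crt
TLS_KEY /etc/ldap/server.key
"""

def parse_ldap_conf(text):
    """Return {OPTION: value}; option names are case-insensitive in ldap.conf."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            if len(parts) == 2:
                opts[parts[0].upper()] = parts[1].strip()
    return opts

def check_client_tls(text, system_wide=True, file_exists=os.path.isfile):
    """Return a list of findings (empty means nothing obvious is wrong).
    system_wide: the text is /etc/ldap/ldap.conf, not a per-user ldaprc.
    file_exists is injectable so the check can run without the real files."""
    opts = parse_ldap_conf(text)
    findings = []
    if ("TLS_CERT" in opts) != ("TLS_KEY" in opts):
        findings.append("TLS_CERT and TLS_KEY must both be set for client-certificate auth")
    if system_wide:
        for opt in sorted(USER_ONLY & set(opts)):
            findings.append(f"{opt} is user-only and ignored in the system-wide ldap.conf; "
                            "move it to ~/.ldaprc or the file named by LDAPRC")
    for opt in ("TLS_CACERT", "TLS_CERT", "TLS_KEY"):
        path = opts.get(opt)
        if path and not file_exists(path):
            findings.append(f"{opt} points to a missing file: {path}")
    return findings

if __name__ == "__main__":
    for finding in check_client_tls(CLIENT_CONF, file_exists=lambda p: True):
        print(finding)
```

Run against the reporter's configuration as a per-user ldaprc it reports nothing; as the system-wide ldap.conf it flags both TLS_CERT and TLS_KEY, which matches the client never sending a certificate.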