[Pkg-openldap-devel] Bug#538278: Bug#538278: ldaps doesn't work with tls

Mathias Gug mathiaz at ubuntu.com
Fri Jul 24 15:46:31 UTC 2009


Hi Nicolas,

On Fri, Jul 24, 2009 at 11:16 AM, Nicolas Jungers<deblbug at jungers.net> wrote:
> Package: slapd
> Version: 2.4.11-1
>
>
> #-------- bits from slapd.conf
>
> # TLS configuration
> # CA
> TLSCACertificateFile /etc/ssl/certs/cacert.org.pem
> # Cert
> TLSCertificateFile /etc/ssl/certs/main.jungers.net.pem
> TLSCertificateKeyFile /etc/ssl/private/main.jungers.net-key.pem
> #TLSCipherSuite HIGH  <-- not with gnutls (openssl keyword)

Could you try to add the CA Certificate
(/etc/ssl/certs/cacert.org.pem) to the TLSCertificateFile?

>
>
>
> #-------- if I try gnutls-cli I get
>
> gnutls-cli --x509cafile /etc/ssl/certs/cacert.org.pem -p 389 main.jungers.net
> Processed 2 CA certificate(s).
> Resolving 'main.jungers.net'...
> Connecting to '91.121.14.130:389'...
> *** Fatal error: A TLS packet with unexpected length was received.
> *** Handshake has failed
> GNUTLS ERROR: A TLS packet with unexpected length was received.

You should use the --starttls option to test against port 389 as this
port expects to start a plain connection (which is then upgraded to an
encrypted connection with startTLS).

--
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com
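Added example (not from the bug report, from Mathias, or from OpenLDAP) showing why the gnutls-cli run above fails: port 389 speaks plaintext LDAP until the client sends a StartTLS ExtendedRequest (OID 1.3.6.1.4.1.1466.20037, RFC 4511) and gets a success ExtendedResponse back; only port 636 (ldaps) expects a TLS ClientHello as the very first bytes. The code builds the BER-encoded StartTLS request, parses the ExtendedResponse, and distinguishes a TLS record from an LDAP message so you can tell which kind of port you are talking to. The two sample server replies are constructed for the example, not captured from main.jungers.net; `ldap_starttls()` is a live helper for any host/CA file you supply and is not run offline.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"                # RFC 4511 StartTLS request/response name
NOTICE_OF_DISCONNECTION_OID = b"1.3.6.1.4.1.1466.20036"  # unsolicited notification, RFC 4511 4.4.1


def ber_len(n):
    """Encode a BER length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }.
    This plaintext message is what a client must send on port 389 before any TLS record."""
    name = b"\x80" + ber_len(len(STARTTLS_OID)) + STARTTLS_OID  # [0] requestName
    ext = b"\x77" + ber_len(len(name)) + name                    # [APPLICATION 23] ExtendedRequest
    body = b"\x02\x01" + bytes([msg_id]) + ext                    # INTEGER messageID + protocolOp
    return b"\x30" + ber_len(len(body)) + body                    # SEQUENCE LDAPMessage


def parse_extended_response(data):
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(msg)
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:                                               # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    tag, rc, pos = read_tlv(op)                                   # ENUMERATED resultCode
    tag, _matched_dn, pos = read_tlv(op, pos)                     # OCTET STRING matchedDN
    tag, diag, pos = read_tlv(op, pos)                            # OCTET STRING diagnosticMessage
    return int.from_bytes(mid, "big"), rc[0], diag.decode("utf-8", "replace")


def classify_server_bytes(first_bytes):
    """Tell a TLS record (what an ldaps port speaks from byte one) from an LDAP BER
    message (what port 389 speaks until StartTLS has succeeded)."""
    if len(first_bytes) >= 2 and first_bytes[0] in (0x14, 0x15, 0x16, 0x17) and first_bytes[1] == 0x03:
        return "tls"
    if first_bytes[:1] == b"\x30":
        return "ldap"
    return "unknown"


# Constructed sample replies (not captured from the reporter's server):
# a successful StartTLS ExtendedResponse, messageID 1, resultCode success (0) ...
SAMPLE_STARTTLS_OK = bytes.fromhex("3024 020101 781f 0a0100 0400 0400 8a16") + STARTTLS_OID
# ... and a Notice of Disconnection of the kind a server returns when the first bytes it
# reads on the plaintext port are a TLS ClientHello (tag 0x16 is not a valid LDAPMessage):
# messageID 0, resultCode protocolError (2). A TLS client then chokes on the 0x30 reply.
SAMPLE_NOTICE_OF_DISCONNECTION = (
    bytes.fromhex("3024 020100 781f 0a0102 0400 0400 8a16") + NOTICE_OF_DISCONNECTION_OID
)


def ldap_starttls(host, port=389, cafile=None, timeout=5.0):
    """Live exchange: plaintext StartTLS request, check the response, then upgrade the socket.
    Not exercised offline; host and CA file are whatever the caller supplies."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(starttls_request(1))
        reply = sock.recv(4096)                  # the response is a few dozen bytes; one recv is enough here
        _msg_id, rc, diag = parse_extended_response(reply)
        if rc != 0:
            raise RuntimeError(f"StartTLS refused: resultCode {rc} {diag!r}")
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert().get("subject")


if __name__ == "__main__":
    print(classify_server_bytes(SAMPLE_NOTICE_OF_DISCONNECTION))
    print(parse_extended_response(SAMPLE_STARTTLS_OK))
```

The same distinction drives the command-line tools: `ldapsearch -ZZ -H ldap://host` sends the request above and refuses to continue without a successful upgrade, while `ldaps://host:636` opens with a ClientHello. gnutls-cli's `--starttls` flag only delays the handshake until EOF; it does not send the LDAP StartTLS request for you, so the bytes in `starttls_request()` still have to reach the server first.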
