bugs@shiva.hostoffice.hu wrote:
Full_Name: Gabor Mayer Version: 2.4.11 OS: debian URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (91.120.131.147)
i discovered it when i turned on the peer verification at server side.
i'm using the following configuration at client side:
ldap.conf:
BASE dc=example,dc=org URI ldaps://ldap.example.org
TLS_CACERT /etc/ldap/server.crt
/root/.ldaprc:
TLS_CERT /etc/ldap/client.crt TLS_KEY /etc/ldap/client.key
i tried TLS_CERT& TLS_KEY in ldap.conf and in .ldaprc without success.
i tested it with ldapsearch -x and i got the following debug message at server if the TLSVerifyClient was turned on:
TLS trace: SSL3 alert write:fatal:handshake failure TLS trace: SSL_accept:error in SSLv3 read client certificate B TLS: can't accept. TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2455
i captured the tcp flow at client side and i saw the server's certificate only. the client didn't send its own certificate to the server!
Works for me on Ubuntu 8.10 using GNUtls 2.4.1. I suggest you contact the Debian folks about this. This ITS will be closed.