Howard Chu wrote:
> This bug report makes no sense; the code you quoted is not part of
> OpenLDAP 2.4.16. The relevant code is in function tlsg_session_accept()
> in tls_g.c, and there is no such bug in that function.

Well, according to the CVS head branch, the code that I cited in tls.c
is still there:

But I certainly defer to your knowledge of which code is relevant -- I
was just looking around for a possible explanation to the problem that

I double-checked the version that I was running and it's actually
2.4.15, not 2.4.16. Would there be a significant difference between
these two versions with respect to TLS certificate handling? Again, here
is the error I'm getting on the server side with TLSVerifyClient set to
"try" and I do an ldapsearch over SSL without a client certificate:

TLS: gnutls_certificate_verify_peers2 failed -49
TLS: can't accept: (unknown error code).
connection_read(24): TLS accept failure error=-1 id=3, closing