Howard Chu wrote: Well, according to the CVS head branch, the code that I cited in tls.c is still there: http://www.openldap.org/devel/cvsweb.cgi/~checkout~/libraries/libldap/tls... But I certainly defer to your knowledge of which code is relevant -- I was just looking around for a possible explanation to the problem that I'm encountering. I double-checked the version that I was running and it's actually 2.4.15, not 2.4.16. Would there be a significant difference between these two versions with respect to TLS certificate handling? Again, here is the error I'm getting on the server side with TLSVerifyClient set to "try" and I do an ldapsearch over SSL without a client certificate: TLS: gnutls_certificate_verify_peers2 failed -49 TLS: can't accept: (unknown error code). connection_read(24): TLS accept failure error=-1 id=3, closing Thanks, -Kartik