Full_Name: Gabor Mayer
Version: 2.4.11
OS: debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (91.120.131.147)
I discovered it when I turned on the peer verification at server side.
I'm using the following configuration at client side:
ldap.conf:
BASE dc=example,dc=org
URI ldaps://ldap.example.org
TLS_CACERT /etc/ldap/server.crt
/root/.ldaprc:
TLS_CERT /etc/ldap/client.crt
TLS_KEY /etc/ldap/client.key
I tried TLS_CERT & TLS_KEY in ldap.conf and in .ldaprc without success.
I tested it with ldapsearch -x and I got the following debug message at server
if the TLSVerifyClient was turned on:
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2455
I captured the TCP flow at client side and I saw the server's certificate only.
The client didn't send its own certificate to the server!
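The report above shows the classic symptom of a client that has no usable TLS identity: the server's `SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate` line means the handshake failed before any certificate validation happened, so the thing to inspect is how libldap resolves `TLS_CERT`/`TLS_KEY` on the client. The following checker is an added example, not code from the reporter or from the OpenLDAP project. It parses `ldap.conf(5)`-style files, merges the system file and the user `.ldaprc` the way the man page describes (`TLS_CERT` and `TLS_KEY` are documented as user-only options, so copies placed in `ldap.conf` are ignored), verifies that the resolved files exist and are readable by the calling user, and classifies the server-side trace. The sample file contents and paths are constructed to mirror the report; the `exists`/`readable` hooks are there only so the logic can be exercised without the real files.

```python
import os

# Constructed sample inputs mirroring the reporter's configuration (hypothetical paths).
LDAP_CONF_TEXT = """\
BASE dc=example,dc=org
URI ldaps://ldap.example.org
TLS_CACERT /etc/ldap/server.crt
"""
LDAPRC_TEXT = """\
TLS_CERT /etc/ldap/client.crt
TLS_KEY /etc/ldap/client.key
"""
# Constructed copy of the server-side debug output quoted in the report.
SERVER_TRACE = """\
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2455
"""

# ldap.conf(5): these options are "user-only" and are ignored in the system ldap.conf.
USER_ONLY = {"TLS_CERT", "TLS_KEY"}


def parse_ldap_conf(text):
    """Parse ldap.conf(5) syntax: one 'OPTION value' per line, '#' comments, keys case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # an option without a value is meaningless here
        opts[parts[0].upper()] = parts[1].strip()
    return opts


def effective_options(system_text, user_text):
    """Merge system ldap.conf and user .ldaprc; return (merged options, user-only keys dropped from ldap.conf)."""
    system = parse_ldap_conf(system_text)
    user = parse_ldap_conf(user_text)
    ignored = sorted(k for k in system if k in USER_ONLY)
    merged = {k: v for k, v in system.items() if k not in USER_ONLY}
    merged.update(user)  # the user file overrides the system file
    return merged, ignored


def check_client_identity(opts, exists=os.path.exists,
                          readable=lambda p: os.access(p, os.R_OK)):
    """Return findings explaining why libldap would present no client certificate (empty list = OK)."""
    findings = []
    cert, key = opts.get("TLS_CERT"), opts.get("TLS_KEY")
    if not cert or not key:
        findings.append("no client identity: both TLS_CERT and TLS_KEY must be set in .ldaprc")
        return findings
    for name, path in (("TLS_CERT", cert), ("TLS_KEY", key)):
        if not exists(path):
            findings.append(f"{name} {path}: file does not exist")
        elif not readable(path):
            # ldapsearch runs as the invoking user; a key readable only by root fails for others
            findings.append(f"{name} {path}: not readable by this user")
    return findings


def classify_server_trace(trace):
    """Map the server's TLS debug output to the side that needs fixing."""
    if "peer did not return a certificate" in trace:
        return "client side: no client certificate was sent (check TLS_CERT/TLS_KEY in .ldaprc)"
    if "unknown ca" in trace.lower():
        return "server side: certificate sent but not trusted by the server's CA file"
    return "unclassified"


if __name__ == "__main__":
    opts, ignored = effective_options(LDAP_CONF_TEXT, LDAPRC_TEXT)
    print("effective:", opts)
    print("ignored in ldap.conf:", ignored)
    for f in check_client_identity(opts):
        print("finding:", f)
    print(classify_server_trace(SERVER_TRACE))
```

Running this against the real files on a client is a quick way to tell a configuration problem (option in the wrong file, unreadable key) from a library problem before raising a bug; with the reporter's layout the merge yields the expected `TLS_CERT`/`TLS_KEY` pair, so the remaining suspects are file permissions and the TLS library build itself.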
Works for me on Ubuntu 8.10 using GNUtls 2.4.1. I suggest you contact the
Debian folks about this. This ITS will be closed.
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/