bgoldsbury@gleim.com wrote:
Full_Name: Ben Goldsbury
Version: 2.4.9
OS: Debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (209.208.68.2)
When OpenLDAP 2.4.9 is compiled against GnuTLS (version 2.2.1 in my testing) and using a valid Wildcard SSL certificate, TLS connections to OpenLDAP fail with:
TLS certificate verification: Error, unable to get local issuer certificate
When OpenLDAP 2.4.9 is compiled against OpenSSL (version 0.9.8c in my testing) and using the same certificate, connections work properly.
Please contact me if you need any additional information.
This sounds an awful lot like ITS#5361, which is a known defect in GnuTLS.
What exactly do you mean by "Wildcard SSL certificate"? There are a couple of different approaches to that. One uses the subjectAltName extension, and that is the officially sanctioned approach. One uses "*" in the certificate CN, and that is non-standard and generally not supposed to work.
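To make the distinction in the reply concrete, here is an added example (my own code, not OpenLDAP's, GnuTLS's or OpenSSL's verification logic) that applies the usual server-identity rules: subjectAltName dNSName entries are authoritative whenever any are present, a wildcard may only be the whole leftmost label and covers exactly one label, and a wildcard in the CN is rejected. The certificate names passed in are constructed values; a real verifier may differ in details such as CN fallback, so treat this as a reference for reading certificates, not as a drop-in checker.

```python
from typing import List, Optional, Tuple


def _normalize(name: str) -> str:
    # DNS names are case-insensitive; a trailing root dot is ignored.
    return name.lower().rstrip(".")


def wildcard_pattern_is_valid(pattern: str) -> bool:
    """A wildcard is only allowed as the entire leftmost label, and at least
    two fixed labels must follow it: "*.example.com" is fine, while
    "*.com", "w*.example.com" and "www.*.com" are rejected."""
    if "*" not in pattern:
        return True
    labels = _normalize(pattern).split(".")
    if labels[0] != "*" or len(labels) < 3:
        return False
    return all("*" not in label for label in labels[1:])


def name_matches(pattern: str, hostname: str) -> bool:
    """Match hostname against one certificate name. The wildcard covers
    exactly one non-empty label and never spans a dot, so "*.example.com"
    covers "ldap.example.com" but not "a.b.example.com" or "example.com"."""
    if not wildcard_pattern_is_valid(pattern):
        return False
    p = _normalize(pattern).split(".")
    h = _normalize(hostname).split(".")
    if p[0] != "*":
        return p == h
    return len(h) == len(p) and h[0] != "" and h[1:] == p[1:]


def check_server_identity(hostname: str, san_dns: List[str],
                          common_name: Optional[str]) -> Tuple[bool, str]:
    """Decide whether a certificate covers hostname and explain why.
    san_dns holds the dNSName entries of subjectAltName (constructed input
    here). When any are present the CN is ignored entirely; otherwise the
    CN is a legacy fallback, and a wildcard CN is refused outright."""
    if san_dns:
        for name in san_dns:
            if name_matches(name, hostname):
                return True, "matched subjectAltName dNSName %s" % name
        return False, "no subjectAltName dNSName covers %s" % hostname
    if common_name is None:
        return False, "certificate carries no names"
    if "*" in common_name:
        return False, "wildcard in CN %s is non-standard; use subjectAltName" % common_name
    if name_matches(common_name, hostname):
        return True, "matched CN %s (legacy fallback)" % common_name
    return False, "CN %s does not match %s" % (common_name, hostname)
```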