On Sun, Jul 21, 2019 at 1:50 PM Michael Ströder michael@stroeder.com wrote:
On 7/20/19 8:45 PM, Nikos Voutsinas wrote:
Weird... My build of OPENLDAP_REL_ENG_2_4_48 on Debian/Buster against openssl was working, without using the olcTLSCACertificateFile.
Why that happens is a good question.
You probably have to dig a bit deeper and examine whether the OpenSSL lib initializes a default trust store generated by update-ca-certificates (from Debian package ca-certificates) and whether your CA cert is present there.
Yes, this is what I suspect too, but that's out of the scope of this list. It also appears not to be a GNUTLS or OpenSSL issue, thus the above results are not relevant any more with the specific issue.
On the other hand it is nice that we were able to pinpoint the cause of problem before the announcement of the release, and start a discussion on the subject.
Nikos
Nikos