On Sun, Jul 21, 2019 at 1:50 PM Michael Ströder <michael@stroeder.com> wrote:
On 7/20/19 8:45 PM, Nikos Voutsinas wrote:
> Weird... My build of OPENLDAP_REL_ENG_2_4_48 on Debian/Buster against
> openssl was working, without using the olcTLSCACertificateFile.

Why that happens is a good question.

You probably have to dig a bit deeper and examine whether the OpenSSL
lib initializes a default trust store generated by
update-ca-certificates (from Debian package ca-certificates) and whether
your CA cert is present there.
 

Yes, this is  what I suspect too, but that's out of the scope of this list. It also appears not to be a GNUTLS or OpenSSL issue, thus the above results are not relevant any more with the specific issue.

On the other hand it is nice that we were able to pinpoint the cause of problem before the announcement of the release, and start a discussion on the subject.

Nikos

Nikos