"Dan O'Reilly" dano@process.com writes:
Using ldapsearch on a VMS system to attempt to do a directory lookup using SSL to a non-OpenLDAP directory on another system. I verified the root CA certificate is correct using:
$ openssl s_client -connect adtest:636 "-CAfile" test_root_ca.pem
My LDAP.CONF file contains:
    TLS_CHECKPEER no
    BIND_POLICY soft
    TLS_REQCERT never
    TLS_CACERT RAPTOR$DKA0:[OREILLY.KEYS]TEST_ROOT_CA.PEM
What happens is below:
$ ldapsearch "-ZZ" -p 636 -d 255 -s base -x -w xxxxxxxxx -v "-D"
The -ZZ option initialises an ldap_starttls request, while the server, listening on port 636, presents the certificate without starttls. You either do an ldapsearch to port 636 without starttls, or to port 389 with starttls.
-Dieter
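As an added illustration of what the reply describes (not code from either poster), the block below builds the StartTLS extended operation that ldapsearch -ZZ sends in cleartext, parses the ExtendedResponse a port-389 server would answer with, and classifies the first byte a listener returns so that a port-636 (LDAPS) listener, which answers cleartext with a TLS record, is told apart from an LDAP listener. Message layout follows RFC 4511; the helper names and the message ID limit are this example's own assumptions.

```python
# Added example: LDAP StartTLS extended operation (RFC 4511), assumes messageID < 128.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

def _ber_len(n):
    """Encode a BER length (short or long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, payload):
    """Wrap payload as one BER tag-length-value element."""
    return bytes([tag]) + _ber_len(len(payload)) + payload

def _read_tlv(buf, pos):
    """Decode one TLV at buf[pos]; return (tag, value, next_pos)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext_req = _tlv(0x77, _tlv(0x80, STARTTLS_OID))  # 0x77 = APPLICATION 23, constructed
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + ext_req)

def parse_extended_response(data):
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse."""
    tag, body, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(body, 0)
    tag, resp, _ = _read_tlv(body, pos)
    if tag != 0x78:  # 0x78 = APPLICATION 24 = ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    _, code, pos = _read_tlv(resp, 0)    # resultCode ENUMERATED (0 = success)
    _, _dn, pos = _read_tlv(resp, pos)   # matchedDN
    _, diag, _ = _read_tlv(resp, pos)    # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode()

def classify_first_byte(first):
    """0x30 is a BER SEQUENCE (an LDAP message, so StartTLS can be negotiated);
    0x15/0x16 are TLS record types, i.e. the port speaks TLS from the first byte
    (LDAPS on 636) and a cleartext StartTLS request cannot succeed there."""
    if first == 0x30:
        return "ldap"
    if first in (0x15, 0x16):
        return "tls"
    return "unknown"
```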