Hello,
I've recently had issues with a 3rd-party Java client using JDK 1.4.x, trying to connect with ldaps:// to OpenLDAP 2.4.26, compiled with OpenSSL 1.0.0d.
It would appear that the client's JDK 1.4.x has a few harsh restrictions with regard to modulus size in certificates, even with all unrestricted "export" policies installed.
So I was wondering a few things:
1. Does OpenLDAP do anything with the CA certs, other than verify local or remote certificates, such as sending them over the SSL connection?
2. It's my understanding that in SSL negotiation, only server or client certificates are exchanged, and CA certs are not sent over the wire (as IMHO it would literally be a "trust" issue to do otherwise :).
3. Other than providing certificates / keys to the OpenSSL API, is there anything special that happens other than hand-off to stock OpenSSL negotiation?
Trying to work out what is being sent to the client to trigger a "modulus size" error on the client, other than the client's inherent badness, which I cannot control :)
If 3. is no, then I'm open to any suggestions with regard to interesting or useful SSL negotiation documents out there that might shed some light.
Cheers,
Brett