--On Thursday, February 09, 2017 12:49 PM -0800 Quanah Gibson-Mount quanah@symas.com wrote:
--On Thursday, February 09, 2017 9:43 PM +0100 "A. Schulze" sca@andreasschulze.de wrote:
that's not the issue. A TLS server sent its certificate and all intermediates EXCLUDING the self-signed root to the client. This is not true for my setup and I don't know why: misconfiguration or wrong ssl implementation.
Sorry, reading back over your configuration, I don't believe it's valid to specify both a CA path and a CA directory. You can use one or the other.
From the man page:
TLSCACertificatePath <path>
    Specifies the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used. This directive is not supported when using GnuTLS.
So it is not clear to me what happens if you use both. ;) I've certainly never tried that. Since you are using both, did you correctly "hash" the CA certs in the directory you pointed at?
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
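
The "hashed" CA directory check asked about above, as an added example that is not part of the original thread: OpenSSL looks up CA certificates in a TLSCACertificatePath directory by the name <subject-hash>.<n>, so each CA file needs such an entry pointing at it. The function name check_ca_dir and the .pem/.crt file extensions are assumptions made for this example.

```sh
#!/bin/sh
# Added example: verify that every CA certificate in a TLSCACertificatePath
# directory is reachable through OpenSSL's <subject-hash>.<n> lookup name.
# Assumption: CA files end in .pem or .crt; adjust the globs otherwise.

check_ca_dir() {
    dir=$1
    bad=0
    for cert in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$cert" ] || continue              # unmatched glob stays literal
        if ! subj=$(openssl x509 -noout -subject_hash -in "$cert" 2>/dev/null); then
            echo "UNREADABLE $cert"
            bad=$((bad + 1))
            continue
        fi
        want=$(openssl x509 -noout -fingerprint -sha256 -in "$cert")
        found=
        # Several CAs can share a subject hash, hence the .0, .1, ... suffixes.
        for slot in "$dir/$subj".[0-9]*; do
            [ -e "$slot" ] || continue          # also skips dangling symlinks
            have=$(openssl x509 -noout -fingerprint -sha256 -in "$slot" 2>/dev/null) || continue
            # A slot only counts if it holds this very certificate.
            if [ "$have" = "$want" ]; then
                found=$slot
                break
            fi
        done
        if [ -n "$found" ]; then
            echo "OK      $cert -> ${found##*/}"
        else
            echo "MISSING $cert (no matching $subj.N entry)"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]                            # exit status: 0 only if all found
}

# Stand-alone use: sh check_ca_dir.sh /path/to/ca-directory
if [ "$#" -gt 0 ]; then
    check_ca_dir "$1"
fi
```

Entries reported as MISSING can be created with OpenSSL's c_rehash script (or `openssl rehash` on OpenSSL 1.1.0 and later) run against the directory.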