On 04/20/15 20:07 +0200, E.therepa wrote:
Dear Tech list,
I'd like to use CRLs to regulate client connections to my slapd server.
So I've built working certs and keys with GnuTLS. The whole key setup is tested and
by invoking gnu-serv and gnu-cli I could successfully create connections and drop clients
in my revocation list.
In order to use this in slapd/ldap utils I use these settings,
# TLS certificates (needed for GnuTLS)
This is a user only option. See ldap.conf(5).
55353d59 slapd starting
55353d5b conn=1000 fd=16 ACCEPT from IP=10.50.2.12:50764 (IP=0.0.0.0:636)
TLS: can't accept: No certificate was found..
55353d5b conn=1000 fd=16 closed (TLS negotiation failure)
ldap_start_tls: Can't contact LDAP server (-1)
ldap_free_connection 1 1
ber_flush2: 7 bytes to sd 4
0000: 30 05 02 01 02 42 00 0....B.
ldap_write: want=7 error=Broken pipe
ldap_free_connection: actually freed
As far as I can see and found info my client and servers TLS settings are configured
What I really don't get is that the client doesn't send his certs to the server.