Re: Out of ideas when troubleshooting TLS negotiation failure

Replying to my own message here, but I continue to investigate my problem and can't explain what I see. I put together a small test program to connect to our ldap server using same parameters as smbd. Setting "ldap debug level = 1" in smb.conf, and the equivalent LDAP_DEBUG_TRACE in my test program shows the smbd output complaining of certificate signature failure. smbd output:

> [LDAP] TLS certificate verification: depth: 0, err: 7, subject: > /C=US/postalCode=55455/ST=MN/L=Minneapolis/street=100 Union Street > SE/O=University of Minnesota/OU=School of Physics and > Astronomy/CN=ldap.spa.umn.edu,[LDAP] issuer: /C=US/ST=MI/L=Ann > Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA > [LDAP] TLS certificate verification: Error, certificate signature failure

But my test program on same machine gives:

> TLS certificate verification: depth: 0, err: 0, subject: > /C=US/postalCode=55455/ST=MN/L=Minneapolis/street=100 Union Street > SE/O=University of Minnesota/OU=School of Physics and > Astronomy/CN=ldap.spa.umn.edu, issuer: /C=US/ST=MI/L=Ann > Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA

Same certificate chain, but one case verifies and the other doesn't... I also stepped through smbd with gdb and verified that the parameters to ldap_simple_bind_s are the same as my test case. Wonder if anyone can venture a guess how this might occur?