Hi,

I would like to open a discussion with the OpenLDAP team. I hope this is the right email address. If not, please let me know the correct address to which this mail should be directed.

Issue:

We are currently using OpenLDAP version 2.4.16 on Win 64. We are using RSA and MES Shareadapter internally to build the OpenLDAP libs.

I am getting the below error when I use SHA-256 (2048 key length) certificates:

ldap_sasl_bind_s: Can't contact LDAP server (-1) error:14090086:SSL routines: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I am using the option LDAP_OPT_X_TLS_CACERTDIR and passing the cert directory which has the certificates. This fails.
But the same passes when I use LDAP_OPT_X_TLS_CACERTFILE and point to the certificate, which is in .pem format.

Can you please let me know whether I am missing something here, or is this a bug?

Any help on this is appreciated.

Thanks
Anitha