* Chuck Theobald <chuckt(a)uoregon.edu> [2015-04-23 22:34:31]:
What is the current wisdom regarding which tls library to use?
I've got a version 2.4.39 installation on RHEL 6.6 for which I cannot
get tls to work. I end up with the "TLS: can't connect: TLS error
-5938:Encountered end of file." error. Likely a misconfiguration of
moznss, though I followed one set of directions using certutil, but lack
the proper setting for my ldap TLSCACertificateFile.
My Debian-based ldap servers run with either openssl or gnutls.
I've managed to get the stock RHEL 6/7 2.4.39 packages to work with the
standard PEM-encoded certificates/keys generated by OpenSSL without
needing to convert them into the NSS-specific format.
My TLS settings are simply:
Also check if you have SELinux enabled that these files are labelled
with the correct context as that can be a source of phantom errors.