hi everybody,
I could not connect to slapd, command would fail with infamous:
TLS: error: connect - force handshake failure: errno 0 - moznss error -5938 TLS: can't connect: TLS error -5938:Encountered end of file. ldap_err2string ldap_start_tls: Connect error (-11) additional info: TLS error -5938:Encountered end of file
I was positive about certs, restarted daemons, looked at other obvious places, etc. - nothing. Only after I removed database & config files, recreated/restarted the whole slap it worded.
Would it be that slapd caches certificates somewhere and does not re-read those upon restart?
many thanks
--On Wednesday, June 17, 2015 4:05 PM +0100 lejeczek peljasz@yahoo.co.uk wrote:
hi everybody,
I could not connect to slapd, command would fail with infamous:
TLS: error: connect - force handshake failure: errno 0 - moznss error
The moznnss code was written and is maintained by RedHat. You will need to contact them with issues related to OpenLDAP linked to Moznss. If you want working stable TLS, use an openldap linked to OpenSSL.
--Quanah
--
Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
On 17/06/15 16:32, Quanah Gibson-Mount wrote:
--On Wednesday, June 17, 2015 4:05 PM +0100 lejeczek peljasz@yahoo.co.uk wrote:
hi everybody,
I could not connect to slapd, command would fail with infamous:
TLS: error: connect - force handshake failure: errno 0 - moznss error
The moznnss code was written and is maintained by RedHat. You will need to contact them with issues related to OpenLDAP linked to Moznss. If you want working stable TLS, use an openldap linked to OpenSSL.
--Quanah
--
Quanah Gibson-Mount Platform Architect Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
I don't think there anything wrong with their version(s) I restarted a number of time slapd daemon but only after I recreated whole config and db files anew the same certificate worked right away - so my question as in the subject of my first eamil was: does slapd store/cache TLS certs? - it seems this must have been the reason.
openldap-technical@openldap.org
-
lejeczek -
Quanah Gibson-Mount