Hi Nicolas, On Fri, Jul 24, 2009 at 11:16 AM, Nicolas Jungers<[email protected]> wrote: > Package: slapd > Version: 2.4.11-1 > > > #-------- bits from slapd.conf > > # TLS configuration > # CA > TLSCACertificateFile /etc/ssl/certs/cacert.org.pem > # Cert > TLSCertificateFile /etc/ssl/certs/main.jungers.net.pem > TLSCertificateKeyFile /etc/ssl/private/main.jungers.net-key.pem > #TLSCipherSuite HIGH <-- not with gnutls (openssl keyword)
Could you try to add the CA Certificate (/etc/ssl/certs/cacert.org.pem) to the TLSCertificateFile? > > > > #-------- if I try gnutls-cli I get > > gnutls-cli --x509cafile /etc/ssl/certs/cacert.org.pem -p 389 > main.jungers.netProcessed 2 CA certificate(s). > Resolving 'main.jungers.net'... > Connecting to '91.121.14.130:389'... > *** Fatal error: A TLS packet with unexpected length was received. > *** Handshake has failed > GNUTLS ERROR: A TLS packet with unexpected length was received. You should use the --starttls option to test against port 389 as this port expects to start a plain connection (which is then upgraded to an encrypted connection with startTLS). -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
