On Fri, 2004-03-19 at 16:09, Tony Earnshaw wrote:
> On Fri, 19.03.2004 at 14.02, Vincent Jaussaud wrote:
>
> [...]
>
> > Mar 19 13:08:20 tux03 slapd[4635]: connection_read(8): TLS accept error
> > error=-1 id=0, closing
>
> [...]
>
> > Any idea what could be wrong ?
>
> Evo not stored/accepted the slapd certificate? Run the slapd daemon "by
> hand" (from the command line) at debug -d -1. You'll get an awful lot of
> output, but it should tell you exactly what's going on between the two.

Thanks for the tip.
Here goes the interesting part of the output:
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(7): got connid=0
connection_read(7): checking for input on id=0
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
s3_pkt.c:1052
connection_read(7): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=7 for close
connection_close: conn=0 sd=7
Seems to me that my LDAP server is refusing the self-signed cert
provided by Evolution.
Isn't the LDAP option
'TLSVerifyClient never' supposed to handle that?
Any workaround?
Thanks.
Vincent.
>
> --Tonni
--
Vincent Jaussaud
Kelkoo.com Security Manager
email: [EMAIL PROTECTED]
GPG key: 1024D/3BFE3FC7 2002-02-07
"Those who desire to give up freedom in order to gain security will not
have, nor do they deserve, either one."
-- President Thomas Jefferson. 1743-1826
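
Added example (not part of the original message and not OpenLDAP code): a small Python parser for the `slapd -d -1` TLS trace lines quoted above, reporting which side sent the alert and decoding the OpenSSL error code. It assumes the legacy (pre-3.0) OpenSSL error-code packing; the sample is copied from the trace above, and the function names are hypothetical.

```python
import re

# Constructed sample: the relevant lines of the trace quoted in the message.
SAMPLE = """\
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
"""

ALERT_RE = re.compile(r"TLS trace: SSL3 alert (read|write):(\w+):(.+)")
STATE_RE = re.compile(r"TLS trace: SSL_accept:failed in (.+)")
ERR_RE = re.compile(r"TLS: error:([0-9A-Fa-f]{8}):")
ERR_LIB_SSL = 20  # OpenSSL library number for "SSL routines"

def decode_err(hexcode):
    """Split a legacy (pre-3.0) OpenSSL error code into lib/func/reason."""
    code = int(hexcode, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    # In the SSL library, reason 1000 + n means "peer sent TLS alert n".
    peer_alert = reason - 1000 if lib == ERR_LIB_SSL and reason >= 1000 else None
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": peer_alert}

def diagnose(text):
    """Summarise which side aborted the handshake in a slapd TLS trace."""
    result = {"alerts": [], "failed_state": None, "error": None}
    for line in text.splitlines():
        line = line.strip()
        if m := ALERT_RE.search(line):
            direction, level, desc = m.groups()
            # "read": slapd received the alert, so its peer (the client) sent it.
            # "write": slapd itself sent the alert.
            sender = "client" if direction == "read" else "server"
            result["alerts"].append(
                {"sender": sender, "level": level, "desc": desc.strip()})
        elif m := STATE_RE.search(line):
            result["failed_state"] = m.group(1).strip()
        elif m := ERR_RE.search(line):
            result["error"] = decode_err(m.group(1))
    return result

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

For this trace the parser reports the client as the sender of the fatal `unknown CA` alert (TLS alert 48), which is the case Tonni's question about Evolution accepting the slapd certificate points at.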
