On Mon, 2004-03-22 at 13:48, Tony Earnshaw wrote: > Evo's LDAP client doesn't need a cert and doesn't complain about > self-signed certs - not 1.4.x, anyway. >
I agree, so I think the problem comes from openLDAP.
My slapd.conf is configured that way btw:
TLSCertificateFile /usr/share/ssl/certs/server.pem
TLSCertificateKeyFile /usr/share/ssl/certs/server.key
TLSVerifyClient never
TLSCACertificateFile /usr/share/ssl/certs/mycompanyCA.pem
TLSCACertificatePath /usr/share/ssl/certs/
And it definitely works with Mozilla / Outlook, so there has to be
something to do with evo.
Both Mozilla/Outlook knows about our company CA (eg, it is included in
their Trusting CA databases), while Evo do not.
But then, I don't understand what the "TLSVerifyClient never" option is
used for..
Thanks for the help.
Regards;
> --Tonni
--
Vincent Jaussaud
Kelkoo.com Security Manager
email: [EMAIL PROTECTED]
GPG key: 1024D/3BFE3FC7 2002-02-07
"Those who desire to give up freedom in order to gain security will not
have, nor do they deserve, either one."
-- President Thomas Jefferson. 1743-1826
signature.asc
Description: This is a digitally signed message part
