On Wed, Jun 11, 2014 at 7:50 PM, <[email protected]> wrote:
> Hi,
> I've been working on this problem quite long now.
> OpenLDAP on my OpenSuSE 13.1 is compiled with gnutls apparently.
> But connecting to the OpenLDAP server fails with the following message:
> # ldapsearch -h localhost -W -D uid=admin,dc=example,dc=net -b
> dc=example,dc=net -s sub "(uid=user1)" -v -ZZ
> ldap_initialize( ldap://localhost )
> ldap_start_tls: Connect error (-11)
> additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unsupported
> certificate purpose)

This is not a gnutls error. Most likely it comes from openssl. My guess
would be that your server certificate doesn't have the correct purpose set,
or has some purpose set that is unknown to it.

> Tracking down this error led to a missing "Netscape Extension" called
> "server".

I doubt that any software would use that extension. It has been dead for a
decade. Most likely you need to consult the key purpose extensions. My guess
would be that it requires the "tls_www_server" option to the certtool
template.

regards,
Nikos
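
A certtool template that sets the key purpose named in the reply above, shown as an added example that is not part of the original message. The host names, file names and validity period are constructed placeholders, and whether this resolves the poster's failure is not confirmed on this page.

```ini
# server.tmpl: constructed certtool template for an LDAP server certificate.
# Host names and lifetime are placeholders, not values from the thread.

cn = "ldap.example.net"

# Names the client will connect to; "localhost" matches the ldapsearch -h
# argument used in the question.
dns_name = "ldap.example.net"
dns_name = "localhost"

expiration_days = 365

# Key purpose (extendedKeyUsage): TLS server authentication.
# This is the option the reply points to. A certificate whose key purpose
# list omits server authentication (for example one issued only with
# tls_www_client) is rejected by a verifying TLS client as having the
# wrong purpose.
tls_www_server

# keyUsage bits commonly set on a TLS server certificate:
# digitalSignature and keyEncipherment.
signing_key
encryption_key

# Issue the certificate from an existing CA (file names are placeholders):
#   certtool --generate-certificate \
#            --load-privkey server-key.pem \
#            --load-ca-certificate ca-cert.pem \
#            --load-ca-privkey ca-key.pem \
#            --template server.tmpl \
#            --outfile server-cert.pem
#
# Check what was actually encoded before deploying it to slapd:
#   certtool --certificate-info --infile server-cert.pem
#       look for the "Key Purpose" section listing TLS WWW Server
#   openssl x509 -in server-cert.pem -noout -purpose
#       look for "SSL server : Yes"
```

Running the two inspection commands against the certificate currently installed on the server shows which purposes it carries, which is the quickest way to confirm or rule out the diagnosis before reissuing anything.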
