Hey,
Actually you are right, openldap on opensuse 13.1 is compiled with openssl.
I misread the output of "ldd", sorry for the inconvenience!
Thanks for your help anyway :)
Marc
On 12.06.2014 11:12, Nikos Mavrogiannopoulos wrote:
> On Wed, Jun 11, 2014 at 7:50 PM, <[email protected]> wrote:
>> Hi,
>> I've been working on this problem quite long now.
>> OpenLDAP on my OpenSuSE 13.1 is compiled with gnutls apparently.
>> But connecting to the OpenLDAP server fails with the following message:
>> # ldapsearch -h localhost -W -D uid=admin,dc=example,dc=net -b
>> dc=example,dc=net -s sub "(uid=user1)" -v -ZZ
>> ldap_initialize( ldap://localhost )
>> ldap_start_tls: Connect error (-11)
>> additional info: error:14090086:SSL
>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unsupported
>> certificate purpose)
> This is not a gnutls error. Most likely it comes from openssl. My
> guess would be that your server certificate doesn't have the correct
> purpose set, or has some purpose set that is unknown to it.
>> Tracking down this error led to a missing "Netscape Extension" called
>> "server".
> I doubt that any software would use that extension. It has been dead
> for a decade.
> Most likely you need to consult the key purpose extensions. My guess
> would be that it requires the "tls_www_server" option to the certtool
> template.
> regards,
> Nikos
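
Added example, not part of the original thread: a certtool template that sets the "tls_www_server" key purpose mentioned in the reply, so the issued server certificate carries the TLS server extended key usage. The file names, subject values and validity period are assumptions.

```ini
# certtool template for the LDAP server certificate (constructed example).
# The template file name ldap-server.tmpl and all values are assumptions.

# Subject and subjectAltName; the client in the thread connects to
# ldap://localhost, so the name must match that host.
cn = "localhost"
dns_name = "localhost"

# Validity period in days (assumed value).
expiration_days = 365

# keyUsage: digitalSignature and keyEncipherment.
signing_key
encryption_key

# extendedKeyUsage: TLS Web Server Authentication (1.3.6.1.5.5.7.3.1).
# This is the key purpose a TLS client checks on the server certificate.
tls_www_server

# Issue the certificate from this template (file names hypothetical):
#   certtool --generate-certificate --template ldap-server.tmpl \
#     --load-privkey server-key.pem \
#     --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem \
#     --outfile server-cert.pem
#
# Inspect the resulting purposes before deploying it to slapd:
#   certtool --certificate-info --infile server-cert.pem
#   openssl x509 -in server-cert.pem -noout -purpose
```

A certificate whose extended key usage lists only other purposes, such as one issued with tls_www_client alone, fails the server purpose check during ldap_start_tls.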