[EMAIL PROTECTED] wrote:
> Full_Name: Ben Goldsbury
> Version: 2.4.9
> OS: Debian
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (209.208.68.2)
>
>
> When OpenLDAP 2.4.9 is compiled against GnuTLS (version 2.2.1 in my testing)
> and using a valid Wildcard SSL certificate, TLS connections to OpenLDAP fail with:
>
> TLS certificate verification: Error, unable to get local issuer certificate
>
> When OpenLDAP 2.4.9 is compiled against OpenSSL (version 0.9.8c in my testing)
> and using the same certificate, connections work properly.
>
> Please contact me if you need any additional information.

This sounds an awful lot like ITS#5361, which is a known defect in GnuTLS.

What exactly do you mean by "Wildcard SSL certificate"? There are a couple
different approaches to that. One uses the subjectAltName extension, and that
is the officially sanctioned approach. One uses "*" in the certificate CN, and
that is non-standard and generally not supposed to work.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
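
Added example, not part of either message above: a small Python check that reports which of the two wildcard approaches named in the reply a certificate uses for a given host name. It assumes the certificate is already in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and both sample certificates are constructed for illustration.

```python
# Added example: find where a certificate carries its wildcard name.
# Input is a dict in the shape returned by ssl.SSLSocket.getpeercert().

def wildcard_names(cert):
    """Return (san_wildcards, cn_wildcards) found in the certificate dict."""
    san = [v for t, v in cert.get("subjectAltName", ())
           if t == "DNS" and v.startswith("*.")]
    cn = [v for rdn in cert.get("subject", ()) for k, v in rdn
          if k == "commonName" and v.startswith("*.")]
    return san, cn


def covers(pattern, host):
    """Left-most-label match: '*.example.com' covers exactly one extra label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    return len(p) == len(h) and p[0] == "*" and p[1:] == h[1:]


def classify(cert, host):
    """Say which field, if any, supplies a wildcard that covers host."""
    san, cn = wildcard_names(cert)
    if any(covers(p, host) for p in san):
        return "subjectAltName"
    if any(covers(p, host) for p in cn):
        return "CN-only"
    return "no-wildcard-match"


# Constructed sample certificates (not taken from the report above).
SAN_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}
CN_CERT = {
    "subject": ((("organizationName", "Example"),),
                (("commonName", "*.example.com"),)),
}

if __name__ == "__main__":
    for label, cert in (("SAN_CERT", SAN_CERT), ("CN_CERT", CN_CERT)):
        print(label, classify(cert, "ldap.example.com"))
```

A "CN-only" result identifies the second approach from the reply, which is the case where behaviour can differ between TLS libraries.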
