[email protected] wrote:
> Full_Name: Andrew Findlay
> Version: 2.4.24
> OS: OpenSuSE 11.3
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (88.97.25.132)
>
>
> For various test and teaching purposes I have a set of OpenLDAP configs that
> run small servers intended for local access only. As I run these on a wide
> variety of machines and also give them to students to run on their own
> machines, all the LDAP clients are set up to access the servers via the
> loopback interface: typically ldap://localhost:1389/
>
> Some of the configs use TLS. I have a local CA which issues simple server
> certs, usually with 'CN=localhost' as part of the subject name. Since
> upgrading the OS and OpenLDAP version of my main test environment I find
> that TLS connections are failing:

> My client scripts used to work: I think this was purely because earlier
> versions of the TLS client code were less careful about checking
> certificates. Specifically, the 'self signed certificate in certificate
> chain' error was not even reported unless client-side debugging was turned
> on.

Used to work - since when, what release, what else has changed since then?

I'll note that I just tested some localhost certs a few days ago and they were
fine, and the cert verification code hasn't changed in quite a long time.
(E.g., ITS#6711: the test setup there uses localhost with no problem.)

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
