--On Wednesday, February 15, 2006 5:35 PM -0800 Howard Chu <[EMAIL PROTECTED]> wrote:

> Kurt D. Zeilenga wrote:
>> At 03:41 PM 2/15/2006, Quanah Gibson-Mount wrote:
>>> On Wednesday 15 February 2006 15:40, Jon Roberts wrote:
>>>
>>> ldapsearch -ZZZ -h 171.67.16.11 uid=quanah uid
>>> ldap_start_tls: Connect error (-11)
>>>        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>
>> Assuming the certificate doesn't list the
>> IP address 171.67.16.11 as an alternative subject
>> name (which ldapsearch(1) should check), correct.
>
> But in the case of the OpenLDAP libraries, it would state explicitly
> "hostname does not match". The above error message comes from the OpenSSL
> library, meaning that there is something fundamentally wrong with the
> certificate itself. Running with a higher debug level would be more
> useful (or you could look up error code 14090086 in the OpenSSL source).

There's nothing wrong with the cert, I'm guessing I forgot to tell it where to find the CA chain. ;)

tribes:~> ldapsearch -ZZZ -h 171.67.16.23 uid=quanah uid
ldap_start_tls: Connect error (-11)
       additional info: TLS: hostname does not match CN in peer certificate

is the correct error after fixing that. ;)

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
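The exchange above turns on telling two StartTLS failures apart: the OpenSSL "certificate verify failed" message (the client has no trust path to the server's CA) versus libldap's "hostname does not match CN in peer certificate" (the chain validates, but the name the client connected to is not in the certificate). The following is an added example, not code posted in the thread or part of OpenLDAP: a small POSIX sh triage helper that classifies the "additional info" text ldapsearch prints and names the fix for each case. The sample lines are constructed from the messages quoted above; the remedies assume the standard client-side settings `TLS_CACERT` (ldap.conf / ~/.ldaprc), the `LDAPTLS_CACERT` environment variable, and `ldapsearch -d` for debug output.

```shell
#!/bin/sh
# Added example (not from the thread): triage the two StartTLS errors
# discussed on the list and say which client-side fix applies.

# classify_tls_error TEXT
#   Prints "ca-chain" for an OpenSSL chain-validation failure,
#   "hostname" for a libldap name-check failure, "unknown" otherwise.
classify_tls_error() {
  case "$1" in
    *"certificate verify failed"*) echo "ca-chain" ;;
    *"hostname does not match"*)   echo "hostname" ;;
    *)                             echo "unknown" ;;
  esac
}

# remedy TEXT
#   Prints the corrective action for the class of error in TEXT.
remedy() {
  case "$(classify_tls_error "$1")" in
    ca-chain)
      echo "client cannot build a trust path: set TLS_CACERT in ldap.conf or ~/.ldaprc (or export LDAPTLS_CACERT=/path/to/ca-chain.pem)" ;;
    hostname)
      echo "chain is fine; connect with -h <name in the cert's CN/subjectAltName> instead of the bare IP address" ;;
    *)
      echo "unrecognised TLS error; rerun with a debug level, e.g. ldapsearch -d 1 -ZZ ..." ;;
  esac
}

# probe HOST FILTER
#   Runs ldapsearch with StartTLS against HOST, capturing stderr, and
#   feeds the result through the classifier. Only used when ldapsearch
#   is installed; the classifier itself needs no network.
probe() {
  if ! command -v ldapsearch >/dev/null 2>&1; then
    echo "ldapsearch not installed; skipping live probe"
    return 0
  fi
  out=$(ldapsearch -ZZ -h "$1" "$2" dn 2>&1 >/dev/null)
  echo "$out"
  remedy "$out"
}

# Constructed sample lines modelled on the two outputs quoted in the thread.
SAMPLE_CA_CHAIN='error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'
SAMPLE_HOSTNAME='TLS: hostname does not match CN in peer certificate'

for sample in "$SAMPLE_CA_CHAIN" "$SAMPLE_HOSTNAME"; do
  printf '%s -> %s\n' "$(classify_tls_error "$sample")" "$(remedy "$sample")"
done
```

Note that the "ca-chain" case only means the client could not validate the presented chain; it says nothing yet about the server name, so after adding the CA file you can still land in the "hostname" case exactly as the follow-up message in the thread shows. Fixing that by disabling verification (TLS_REQCERT never) removes the protection StartTLS was meant to give, so the right move is to connect by a name the certificate actually carries.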
