On 21/02/11 20:25, Chris Jackson wrote:
> I am having trouble accessing my openldap server over SSL using an
> iPhone/iPad/iPod Touch using iOS 4.2.1. If I check the SSL box in the
> client setup on the iPhone/iPad/iPod Touch I get an error in the slapd
> log -- TLS negotiation Failure. With logging level 9 I get TLS accept
> failure error=-1 id=1.
> Other clients work fine over SSL/StartTLS: Outlook, Address Book in OS X
> 10.6, jxplorer.
> I am using openldap 2.4.19-15 on RHEL6 with a Comodo wildcard SSL cert.
FWIW we had a similar problem here with our mail server accepting IMAPS
connections fine from everything except iPhones.
After some experimentation, I eventually found out it was because I had
generated our new SSL keys with "openssl gendsa" and it seems that for
some reason known only to Apple, only RSA keys as opposed to DSA keys
are supported in their iPhone TLS/SSL implementation. Regenerating a new
key with "openssl genrsa" instead and using that to sign the server SSL
certificate instead solved the problem and allowed the iPhones to connect.
HTH,
Mark.
--
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063
Sirius Labs: http://www.siriusit.co.uk/labs
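An added example, not code from either poster, that turns the diagnosis in the reply above into a repeatable check: it reads the public key algorithm out of a PEM certificate (or the one a live ldaps server presents), flags a DSA key, and generates a replacement RSA key and CSR the way the reply describes. It assumes the openssl command-line tool is installed; host names and the subject are placeholders.

```bash
#!/bin/sh
# Added example for the thread above: iOS clients of that era only completed
# the TLS handshake against RSA server keys, so the first thing to check is
# which key type the server certificate actually carries.

# Print the public key algorithm of a PEM certificate file, as reported by
# openssl: "rsaEncryption", "dsaEncryption" or "id-ecPublicKey".
cert_key_algorithm() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Public Key Algorithm: *//p'
}

# Classify a certificate for the problem in the thread: "ok" for an RSA key,
# "dsa-key" for the DSA key those iOS clients rejected; anything else is
# echoed verbatim so the operator can look at it.
classify_cert() {
    alg=$(cert_key_algorithm "$1")
    case "$alg" in
        rsaEncryption) echo ok ;;
        dsaEncryption) echo dsa-key ;;
        *)             echo "unknown:$alg" ;;
    esac
}

# Fetch the leaf certificate a live ldaps server presents and classify it.
# Arguments: host [port]; 636 is the usual ldaps port. Host is a placeholder.
check_ldaps_server() {
    tmp=$(mktemp)
    openssl s_client -connect "$1:${2:-636}" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$tmp"
    classify_cert "$tmp"
    rm -f "$tmp"
}

# The fix the reply arrived at: a fresh RSA key ("openssl genrsa" instead of
# "openssl gendsa") and a CSR for it to send to the CA.
# usage: make_rsa_csr server.key server.csr "/CN=ldap.example.test"
make_rsa_csr() {
    openssl genrsa -out "$1" 2048 2>/dev/null
    openssl req -new -key "$1" -subj "$3" -out "$2"
}
```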