Chuck Theobald wrote:
What is the current wisdom regarding which tls library to use?
I've got a version 2.4.39 installation on RHEL 6.6 for which I cannot
get tls to work. I end up with the "TLS: can't connect: TLS error
-5938:Encountered end of file." error. Likely a misconfiguration of
moznss, though I followed one set of directions using certutil, but lack
the proper setting for my ldap TLSCACertificateFile.
My Debian-based ldap servers run with either openssl or gnutls.
Stick with OpenSSL - it's most heavily used, most frequently tested, and
most commonly documented. MozNSS is the oldest and most "mature" code
base but architecturally it is still very immature and it has a long way
to go before its design is generally usable. GnuTLS is a travesty.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
