Hi,

I am trying to use mod_authz_ldap to query an X.509 certificate in an LDAP directory. In the directory, I have stored a BASE64 certificate in the userCertificate attribute:

  MIIHODCCBiCgAwIBAgIIX9kz4PL5XQ8wDQYJKo etc etc etc

The problem is that I see in /var/log/httpd/ssl_error_log that mod_authz_ldap is making a query to the directory like this:

  filter: (&(userCertificate=\\30\\82\\07\\38\\30\\82\\06\\20\\a0\\03\\02\\01\\02\\02\\08\\5f\\d9\\33\\e0\\f2\\f9\\5d\\0f\\30\\0d\\06\\09\\2a\\86\\48\\86\\f7\\0d\\01\\01\\05\\05\\00\\30\\7c\\31\\0b\\ etc etc etc \\7d)(objectClass=strongAuthenticationUser)) base: ou=AuthzLDAPCertmap,dc=cm-lisboa,dc=pt, no such user
  [Wed Apr 21 10:48:33 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
  [Wed Apr 21 10:48:34 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
  [Wed Apr 21 11:00:15 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
  [Wed Apr 21 11:00:16 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
  [Wed Apr 21 11:00:53 2010] [error] Re-negotiation handshake failed: Not accepted by client!?

I think the module is trying to query using hexadecimal encoding against a value that is encoded in the directory as BASE64. Is this what is happening? If so, how can I compare the certificate?

I can't find any help googling around, and the mod_authz_ldap list seems kind of dead; the author doesn't reply to me either.

Thanks a lot
Luis
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
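
Added example, not part of the original post: a Python check of how the base64 prefix quoted above relates byte for byte to the hex-escaped filter value from the log, using the RFC 4515 `\XX` escape for binary assertion values. The function names are illustrative, and the "literal text" case (the base64 string itself stored as the attribute value) is a constructed scenario for comparison, not a statement about what this directory holds.

```python
import base64
import re

# First 36 base64 characters of the userCertificate value quoted in the post.
B64_PREFIX = "MIIHODCCBiCgAwIBAgIIX9kz4PL5XQ8wDQYJ"

# Start of the filter value from the post's ssl_error_log line
# (copied as logged, with doubled backslashes).
LOGGED_FILTER_PREFIX = (
    r"\\30\\82\\07\\38\\30\\82\\06\\20\\a0\\03\\02\\01\\02\\02\\08"
    r"\\5f\\d9\\33\\e0\\f2\\f9\\5d\\0f\\30\\0d\\06\\09"
)


def rfc4515_escape_binary(value: bytes) -> str:
    """Escape every octet as backslash + two hex digits (RFC 4515 form)."""
    return "".join(f"\\{b:02x}" for b in value)


def logged_filter_to_bytes(logged: str) -> bytes:
    """Recover the octets from a logged filter value, tolerating doubled backslashes."""
    return bytes(int(h, 16) for h in re.findall(r"\\+([0-9a-fA-F]{2})", logged))


def compare(b64_text: str, logged: str) -> dict:
    """Compare the filter octets with the decoded DER and with the raw base64 text."""
    der = base64.b64decode(b64_text)      # octets after base64 decoding (DER)
    literal = b64_text.encode("ascii")    # assumption: base64 text stored as-is
    wanted = logged_filter_to_bytes(logged)
    return {
        "der_matches_filter": der == wanted,
        "literal_text_matches_filter": literal[: len(wanted)] == wanted,
        "filter_from_der": rfc4515_escape_binary(der),
    }


if __name__ == "__main__":
    for key, value in compare(B64_PREFIX, LOGGED_FILTER_PREFIX).items():
        print(f"{key}: {value}")
```

The logged filter octets equal the decoded DER bytes of the quoted base64 prefix, so the filter carries the certificate in binary form; a value stored as the literal base64 characters would not compare equal to it.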