ID: 18049 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Closed Bug Type: LDAP related Operating System: Windows 2000 Advanced Server PHP Version: 4.2.1 Assigned To: edink New Comment:
Were you able to make it work? I'm asking since getting openldap libs to compile on windows with SSL support is a non-trivial task. Previous Comments: ------------------------------------------------------------------------ [2002-10-12 10:42:43] [EMAIL PROTECTED] OK, since the dll is now compiled with ssl-support, PHP is not the problem any longer. Just one last question: Will the ssl-support for the win32-version be integrated in future php-releases? ------------------------------------------------------------------------ [2002-10-12 09:39:20] [EMAIL PROTECTED] Why do you ask these questions here when you could have got the answers simply by searching with some search engine?! http://www.openldap.org/lists/openldap-software/200108/msg00043.html Bogusing this bug report since this really IS NOT any bug in PHP. ------------------------------------------------------------------------ [2002-10-12 05:35:08] [EMAIL PROTECTED] In the last week I did some testing. I used PHP 4.2.3 with your php_ldap.dll on Win2000 and Apache 1.3.26. The OpenLDAP-server (slapd) was running on Linux and Win2000, but I get the same results on both platforms. I created the configuration-file "C:\OpenLDAP\sysconf\ldap.conf" (I saw that string in php_ldap.dll) on the machine, where PHP is running. In this file I put the TLS_REQCERT-directive and tested with all 4 possible values: never, allow: seems to work try, demand: does not work, PHP always sends a client certificate, which the LDAP-server can't accept (see above). But there is no client certificate configured!? ------------------------------------------------------------------------ [2002-10-03 19:10:46] [EMAIL PROTECTED] From: http://www.openldap.org/doc/admin/tls.html "11.2.2.6. TLS_REQCERT { never | allow | try | demand } This directive is equivalent to the server's TLSVerifyClient option. However, for clients the default value is demand and there generally is no good reason to change this setting." (I don't have any server setup so I can't test this myself now) ------------------------------------------------------------------------ [2002-10-03 07:27:12] [EMAIL PROTECTED] Thank you for compiling the dll with ssl-support. It seems to work so far. But now I have the problem, that PHP always wants to send a client certificate, even with "TLSVerifyClient never" in slapd.conf. In the debug-console of the LDAP-server I can read: TLS trace: SSL3 alert read:fatal:unknown TLS trace: SSL_accept:failed in SSLv3 read client certificate A TLS: can't accept TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:964 Where can I configure, that PHP should not send a client certificate, or where do I have to put it? ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/18049 -- Edit this bug report at http://bugs.php.net/?id=18049&edit=1
