ID: 18049 Comment by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Closed Bug Type: LDAP related Operating System: Windows 2000 Advanced Server PHP Version: 4.2.1 Assigned To: edink New Comment:
The error "TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:964" in the SSL debug output is a red herring. PHP is not sending a client cert or doing anything with client certs. The problem here is PHP does not trust the server, as it does not have the LDAP server's public certificate. What you need to do is create the file "c:\OpenLDAP\sysconf\ldap.conf" with the single line "TLS_CACERT c:\path\to\server.cert" where server.cert is the cert of the LDAP directory to which you are trying to connect. With that in place, ldaps should work. Previous Comments: ------------------------------------------------------------------------ [2002-10-16 14:40:53] [EMAIL PROTECTED] It seems to work under certain circumstances as you can read in my previous post (12 Oct 5:35am). I tested it only with OpenLDAP-server, because I don't have access to an Novell Edirectory-Server at the moment. I will test it again in the future and post the results here. ------------------------------------------------------------------------ [2002-10-14 17:38:11] [EMAIL PROTECTED] Were you able to make it work? I'm asking since getting openldap libs to compile on windows with SSL support is a non-trivial task. ------------------------------------------------------------------------ [2002-10-12 10:42:43] [EMAIL PROTECTED] OK, since the dll is now compiled with ssl-support, PHP is not the problem any longer. Just one last question: Will the ssl-support for the win32-version be integrated in future php-releases? ------------------------------------------------------------------------ [2002-10-12 09:39:20] [EMAIL PROTECTED] Why do you ask these questions here when you could have got the answers simply by searching with some search engine?! http://www.openldap.org/lists/openldap-software/200108/msg00043.html Bogusing this bug report since this really IS NOT any bug in PHP. ------------------------------------------------------------------------ [2002-10-12 05:35:08] [EMAIL PROTECTED] In the last week I did some testing. I used PHP 4.2.3 with your php_ldap.dll on Win2000 and Apache 1.3.26. The OpenLDAP-server (slapd) was running on Linux and Win2000, but I get the same results on both platforms. I created the configuration-file "C:\OpenLDAP\sysconf\ldap.conf" (I saw that string in php_ldap.dll) on the machine, where PHP is running. In this file I put the TLS_REQCERT-directive and tested with all 4 possible values: never, allow: seems to work try, demand: does not work, PHP always sends a client certificate, which the LDAP-server can't accept (see above). But there is no client certificate configured!? ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/18049 -- Edit this bug report at http://bugs.php.net/?id=18049&edit=1
