Hi, for a couple of days I have been trying to set up a provider and a consumer over SSL, following the documentation in a book [1] and using two servers (Red Hat 5.x, openssl-0.9.8e-12, openldap-2.3.43-3).
Doing so I was confronted with a lot of different warnings/messages, but finally I got the replication encrypted. The final step in the tutorial is to use saslmech=external, but the messages I get are different from the messages I should get.

I noticed and googled some provider debug info and wanted to ask for some proof or clarification or workaround:

From the provider log:

    TLS certificate verification: Error, unsupported certificate purpose
    ...
    TLS trace: SSL3 alert write:warning:bad certificate
    connection_read(13): unable to get TLS client DN, error=49 id=1

From a posting from 2006 and the answer from Howard Chu [2] I think I have the same problem: my consumer server certificate "should be", from the provider's view, a client certificate.

From the certificate:

    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        Netscape Cert Type:
            SSL Server

Am I wrong, right, lost, ... Is there a workaround or any step while creating the certificates?

Thanks once more and best regards,

Götz

[1] http://www.galileocomputing.de/katalog/buecher/titel/gp/titelID-1801
[2] http://www.openldap.org/lists/openldap-software/200604/msg00202.html

--
Götz Reinicke
IT Coordinator
Filmakademie Baden-Württemberg GmbH
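The "unsupported certificate purpose" line in the provider log comes from OpenSSL's certificate purpose check. The script below is an added example, not part of the original post: it builds a throwaway CA and two constructed certificates to compare how `openssl verify -purpose` treats `nsCertType = server` versus `nsCertType = server, client`. The CA name, host name, section names and file paths are assumptions.

```shell
#!/usr/bin/env bash
# Added example. The CA, host name and file names are constructed test values.
WORK=$(mktemp -d)

cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
[server_only]
basicConstraints = CA:FALSE
nsCertType = server
[server_and_client]
basicConstraints = CA:FALSE
nsCertType = server, client
EOF

# Throwaway self-signed CA standing in for the site CA.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -config "$WORK/openssl.cnf" -extensions v3_ca \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# issue_cert <extension section>: writes $WORK/<section>.pem signed by the test CA.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=consumer.example.com" \
    -config "$WORK/openssl.cnf" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -days 1 -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -extfile "$WORK/openssl.cnf" -extensions "$1" \
    -out "$WORK/$1.pem" 2>/dev/null
}

# accepted_as <sslclient|sslserver> <section>: exit status 0 if the chain
# verifies for that purpose, non-zero if the purpose check rejects it.
accepted_as() {
  openssl verify -purpose "$1" -CAfile "$WORK/ca.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_ca && issue_cert server_only && issue_cert server_and_client
for c in server_only server_and_client; do
  for p in sslserver sslclient; do
    accepted_as "$p" "$c" && echo "$c as $p: accepted" || echo "$c as $p: REJECTED"
  done
done
```

To inspect an existing certificate the same way, `openssl x509 -in cert.pem -noout -purpose` lists each purpose with Yes or No.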