On Fri, 2004-03-19 at 16:09, Tony Earnshaw wrote:
Fri, 19.03.2004 at 14.02, Vincent Jaussaud wrote:

[...]
Mar 19 13:08:20 tux03 slapd[4635]: connection_read(8): TLS accept error error=-1 id=0, closing
[...]
Any idea what could be wrong?

Evo not stored/accepted the slapd certificate? Run the slapd daemon "by hand" (from the command line) at debug -d -1. You'll get an awful lot of output, but it should tell you exactly what's going on between the two.
Thanks for the tip. Here goes the interesting part of the output:

TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(7): got connid=0
connection_read(7): checking for input on id=0
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:1052
connection_read(7): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=7 for close
connection_close: conn=0 sd=7

Seems to me that my LDAP server is refusing the self-signed cert provided by Evolution. Isn't the LDAP option 'TLSVerifyClient never' supposed to handle that? Any workaround?

Thanks.
Vincent.
--Tonni
--
Vincent Jaussaud
Kelkoo.com Security Manager
email: tatooin kelkoo com
GPG key: 1024D/3BFE3FC7 2002-02-07

"Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one."
-- President Thomas Jefferson. 1743-1826
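For reading traces like the one in this message, here is an added example (not part of the original thread and not OpenLDAP code) that extracts TLS alerts from slapd debug output and reports which side sent each one. It relies on the OpenSSL trace convention that "alert read" marks an alert received from the peer and "alert write" one sent by the local side; the function name `diagnose` and the sample lines are constructed for illustration.

```python
import re

# Constructed sample: trace lines in the format shown in the post, one per line.
SAMPLE_TRACE = """\
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:1052
"""

ALERT_RE = re.compile(r"TLS trace: SSL3 alert (read|write):(warning|fatal):(.+)$")
STATE_RE = re.compile(r"TLS trace: SSL_accept:(?:(?:error|failed) in )?(.+)$")

# Alert descriptions that mean the sender could not accept the peer's certificate.
CERT_ALERTS = {"unknown ca", "bad certificate", "unsupported certificate",
               "certificate revoked", "certificate expired", "certificate unknown"}


def diagnose(trace):
    """Return one finding per TLS alert in a slapd debug trace (server-side log)."""
    findings, last_state = [], None
    for line in trace.splitlines():
        line = line.strip()
        alert = ALERT_RE.search(line)
        if alert:
            direction, level, desc = alert.groups()
            # "read" = slapd received the alert, so the client sent it.
            sender = "client" if direction == "read" else "server"
            peer = "server" if sender == "client" else "client"
            findings.append({
                "sender": sender,
                "level": level,
                "description": desc.strip(),
                # The sender of a certificate alert is rejecting its peer's chain.
                "rejected_cert": peer if desc.strip().lower() in CERT_ALERTS else None,
                "server_state": last_state,
            })
            continue
        state = STATE_RE.search(line)
        if state:
            last_state = state.group(1).strip()
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_TRACE):
        print(f)
```

On the sample lines the single finding has sender "client" and rejected_cert "server": the alert was received by slapd while it was waiting for the client certificate.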