On Fri, 2004-03-19 at 23:19, Tony
Hmmm ... there's no bug. I'm using OpenLDAP 2.2.6 and Evo 1.4.5 and all the TLS stuff works perfectly. You're supposed to make your own (3) certs for the LDAP server: a server cert, a private key and a CA cert. You should use the CA cert (you can buy one instead from Verisign or another CA if you really want to) to sign the server certs. The server certs should be issued to the hostname of the LDAP server that you get on Linux by doing 'hostname -f'. How to do the cert stuff you should be able to read at www.openssl.org. Certainly don't use any cert you got with Evo.

--Tonni

That's what I already did. We are using a homemade CA in our company; all internal certs are signed with this CA, including those used by the LDAP server. The hostname matches in the server certificate as well. However, I'm not using any particular client certificate with Evolution; I don't know why I should btw, since TLS works just fine with my Sendmail server, or with my IMAPS box. Both of which are using certificates signed by my company CA, and both of which are able to securely talk using the default cert provided by evo...

Regards,

--
Vincent Jaussaud
Kelkoo.com Security Manager
email: tatooin kelkoo com
GPG key: 1024D/3BFE3FC7 2002-02-07
"Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one." -- President Thomas Jefferson. 1743-1826
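The certificate setup described in the quoted message, together with the two checks a TLS client applies to it (chain to a trusted CA, name match), as an added example that is not part of either message. The host name `ldap.example.test`, the CA name and all file names are constructed; on the real server the name would come from `hostname -f`.

```shell
#!/bin/sh
# Added example with constructed names (ldap.example.test, "Constructed Test CA").

# make_ca DIR: write a self-signed CA certificate (ca.pem) and its key (ca.key).
make_ca() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' 'prompt=no' \
        '[dn]' 'CN=Constructed Test CA' \
        '[v3]' 'basicConstraints=critical,CA:TRUE' > "$1/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/req.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# make_server_cert DIR FQDN: server key plus a certificate issued to FQDN
# (subject CN and subjectAltName), signed by the CA that make_ca put in DIR.
make_server_cert() {
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$1/san.ext" -out "$1/server.pem" 2>/dev/null
}

# check_server_cert DIR FQDN: the two checks a TLS client makes. Succeeds only
# if server.pem chains to DIR/ca.pem and is valid for the name FQDN.
check_server_cert() {
    openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" "$1/server.pem" 2>&1 |
        grep -q ': OK$'
}

# Demo. On the real LDAP server the name would come from: fqdn=$(hostname -f)
fqdn=ldap.example.test
demo_dir=$(mktemp -d)
make_ca "$demo_dir" && make_server_cert "$demo_dir" "$fqdn" &&
    check_server_cert "$demo_dir" "$fqdn" && echo "chain and hostname OK for $fqdn"
```

`check_server_cert` fails when the client's CA file is not the one that signed the server certificate, which is the case to rule out when one client rejects a certificate that other services accept.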