| Subject: | Re: failover config: servers with same DNS address and TLS, subjectAltName extension | |
|---|---|---|
| From: | Ralf Haferkamp (rha...@suse.de) | |
| Date: | Jul 26, 2007 1:27:47 am | |
| List: | org.openldap.openldap-software | |
On Tuesday 24 July 2007 21:18, Emmanuel Dreyfus wrote:
> Howard Chu <hy...@symas.com> wrote:
>
> > When you run OpenLDAP's configure script you will see:
> >
> > checking OpenSSL library version (CRL checking capability)... no
> >
> > indicating that your OpenSSL library doesn't support it. Otherwise I suppose you would see in your OpenSSL release notes/docs.
>
> Yes, I discovered HAVE_OPENSSL_CRL. The problem is that this test validates at mine, despite OpenSSL version (0.9.7d)
>
> configure:19757: checking OpenSSL library version (CRL checking capability)
> configure:19791: result: yes
>
> And then if I use TLS_CRLCHECK, LDAP operation will fail:
>
> ldap_bind: Can't contact LDAP server (-1)
> additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> I hope you'll agree with me that this is *very* misleading if CRL checks are not supposed to work with 0.9.7d.

They should work with 0.9.7d. IIRC that was the version I used when implementing CRL support. Note: As stated in the man-pages (ldap.conf(5) and slapd.conf(5)), when you want to use CRLs you have to specify a CACERTDIR. That directory has to be correctly hashed (using c_rehash).

-- Ralf
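
The hashed CACERTDIR layout mentioned in the message above, as an added example that is not part of the original post or of OpenLDAP: it builds the `<hash>.N` and `<hash>.rN` links that c_rehash creates and reports CA certificates that have no matching CRL. The function names `link_hashed` and `crl_missing` and the directory path in the final comment are assumptions; it expects the `openssl` command-line tool and PEM files named `*.pem`.

```shell
#!/bin/sh
# Added example; link_hashed and crl_missing are hypothetical helper names.
# Assumes the openssl CLI and PEM files named *.pem inside the directory.

# link_hashed DIR: give each certificate a <hash>.N link and each CRL a
# <hash>.rN link, the naming OpenSSL uses to look files up in a CA directory.
link_hashed() {
    dir=$1
    # Drop links left by an earlier run so repeated runs stay consistent.
    for l in "$dir"/*.[0-9] "$dir"/*.r[0-9]; do
        if [ -L "$l" ]; then rm -f "$l"; fi
    done
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        if grep -q 'BEGIN X509 CRL' "$f"; then
            h=$(openssl crl -hash -noout -in "$f") || return 1   # issuer name hash
            kind=r
        elif grep -q 'BEGIN CERTIFICATE' "$f"; then
            h=$(openssl x509 -hash -noout -in "$f") || return 1  # subject name hash
            kind=
        else
            continue
        fi
        n=0
        while [ -e "$dir/$h.$kind$n" ]; do n=$((n + 1)); done
        ln -s "$(basename "$f")" "$dir/$h.$kind$n"
    done
}

# crl_missing DIR: report every hashed CA certificate that has no CRL with
# the same hash; returns 1 if any is missing. With TLS_CRLCHECK all, each CA
# in the chain needs one; with peer, only the issuer of the peer certificate.
crl_missing() {
    dir=$1
    rc=0
    for c in "$dir"/*.[0-9]; do
        [ -e "$c" ] || continue
        h=$(basename "$c")
        h=${h%.*}
        set -- "$dir/$h".r[0-9]
        if [ ! -e "$1" ]; then
            echo "no CRL for issuer hash $h"
            rc=1
        fi
    done
    return $rc
}

# Constructed ldap.conf lines pointing a client at such a directory:
#   TLS_CACERTDIR /etc/openldap/cacerts
#   TLS_CRLCHECK  peer
```

Running `crl_missing` on the directory before enabling TLS_CRLCHECK shows whether the "certificate verify failed" error is likely to come from an absent or unhashed CRL.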





