> Problem is openSSL only seems to work if I explicitly pass it the
> location of the certificates with the -CApath switch.
> It doesn't seem able to find them on its own.
> This creates a problem for OpenLDAP when I am trying to query an LDAP
> server via ssl/tls.
> example: /usr/bin/ldapsearch -H "ldaps://server.name.ac.uk"
> result: Can't contact LDAP server <snip> certificate verify failed.
> I am assuming that openssl's inability to find hashed certificates for
> globalsign (whose certificates are used on the LDAP server)
> results in OpenLDAP not being able to authenticate the LDAP server's
> certificates.

That doesn't seem likely. What possible connection is there between the OpenSSL command line tool and the list of acceptable CA certificates for LDAP?

> Perhaps I am misunderstanding what is going on and that the OpenLDAP
> problem is not related to what I perceive to be an openSSL problem.

If you want OpenLDAP to accept some certificates and not others, you need to configure it. Check out http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#5.2.1

Notice the 'TLS_CACERT' and 'TLS_CACERTDIR' options?

DS
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
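
An added example, not part of the original thread: a small check of the client-side trust settings the reply points to. It reads ldap.conf text, extracts TLS_CACERT and TLS_CACERTDIR, and reports why verification of the server certificate could fail. It assumes an OpenLDAP client built against OpenSSL, where a CA directory is searched by hashed file names; the function names, directory contents and the hash-style file name are constructed for illustration.

```python
import os
import re
import tempfile

# OpenSSL looks up CAs in a directory by subject-hash names such as "5ad8a5d6.0"
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")

def parse_ldap_conf(text):
    """Return the TLS_* options found in ldap.conf text (option names are case-insensitive)."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and comment lines
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper().startswith("TLS_"):
            opts[parts[0].upper()] = parts[1].strip()
    return opts

def check_trust_config(opts):
    """Return findings that explain a 'certificate verify failed' on the client side."""
    findings = []
    cacert, cadir = opts.get("TLS_CACERT"), opts.get("TLS_CACERTDIR")
    if not cacert and not cadir:
        findings.append("no TLS_CACERT or TLS_CACERTDIR set")
    if cacert and not os.path.isfile(cacert):
        findings.append(f"TLS_CACERT file missing: {cacert}")
    if cadir:
        if not os.path.isdir(cadir):
            findings.append(f"TLS_CACERTDIR missing: {cadir}")
        elif not any(HASHED_NAME.match(n) for n in os.listdir(cadir)):
            findings.append(f"TLS_CACERTDIR has no hashed entries: {cadir}")
    return findings

def demo():
    """Constructed sample: an unhashed CA dir, a hashed CA dir, and a config with no TLS options."""
    with tempfile.TemporaryDirectory() as root:
        results = []
        for sub, name in (("plain", "globalsign-root.pem"), ("hashed", "5ad8a5d6.0")):
            d = os.path.join(root, sub)
            os.mkdir(d)
            open(os.path.join(d, name), "w").close()  # empty placeholder file
            conf = f"# constructed ldap.conf\ntls_cacertdir {d}\n"
            results.append(check_trust_config(parse_ldap_conf(conf)))
        results.append(check_trust_config(parse_ldap_conf("URI ldaps://server.name.ac.uk\n")))
        return results

if __name__ == "__main__":
    for findings in demo():
        print(findings or "trust configuration looks usable")
```

The check only inspects names and paths; it does not confirm that a hashed entry is the CA that issued the server's certificate.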