Re: main: TLS init def ctx failed: -1
From: Fredrik Unger
Subject: Re: main: TLS init def ctx failed: -1
Date: Fri, 26 Nov 2010 15:12:50 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.15) Gecko/20101030 Icedove/3.0.10

On 11/26/2010 02:21 PM, Nikos Mavrogiannopoulos wrote:
> On Fri, Nov 26, 2010 at 2:10 PM, Fredrik Unger <address@hidden> wrote:
>> sudo cat /etc/ldap/cert/key.pem
>> -----BEGIN RSA PRIVATE KEY-----
>> Proc-Type: 4,ENCRYPTED
>> DEK-Info: AES-256-CBC,CA6CC40CD8CF4D0C802B925FC4EAAE91
>>
>> Is the header the problem?
>
> This is a private openssl format. gnutls accepts keys if they are encrypted with
> PKCS #8 or if they are unencrypted.

Thanks,
with unencrypted key gnutls-serv works,
openldap does unfortunately still not start.
After looking into the openldap source code I have come to the
conclusion that it fails somewhere inside the if-branch that starts at
line 350 of tls_g.c
(random browsable code from the internet.. )
http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/openldap/openldap-2.4.21/libraries/libldap/tls_g.c#350
since if for example the key in the configuration is left out it fails
with the "TLS: only one of certfile and keyfile specified" debug statement.
I guess my only option now is to instrument that part with debug
information to see what return -1 triggers the error.
Or can I turn on some gnutls flag that prints debug information ?
Thank you for your help.
/Fred
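
Added example, not part of the original message and not GnuTLS or OpenLDAP code: a small Python check that reads the PEM header lines of a key file, tells the traditional OpenSSL encrypted format (the `Proc-Type` / `DEK-Info` header shown above) apart from PKCS #8, and applies the acceptance rule quoted in the thread. The function names are hypothetical, and the sample key is constructed from the posted header lines with a placeholder body.

```python
import re

# PEM labels that introduce a private key, mapped to their container format.
LABELS = {
    "RSA PRIVATE KEY": "traditional",
    "DSA PRIVATE KEY": "traditional",
    "EC PRIVATE KEY": "traditional",
    "PRIVATE KEY": "pkcs8",
    "ENCRYPTED PRIVATE KEY": "pkcs8",
}
BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")


def classify_pem_key(text):
    """Return (container, encrypted, cipher) for the first private key in text."""
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        m = BEGIN.match(line)
        if not m or m.group(1) not in LABELS:
            continue
        label = m.group(1)
        if LABELS[label] == "pkcs8":
            # PKCS #8 keeps its cipher parameters inside the ASN.1 body.
            return ("pkcs8", label.startswith("ENCRYPTED"), None)
        # Traditional keys carry "Name: value" headers before the base64 body.
        encrypted, cipher = False, None
        for hdr in lines[i + 1:]:
            name, sep, value = hdr.partition(":")
            if not sep:
                break  # blank line or base64 data: headers are over
            if name == "Proc-Type" and value.strip().endswith("ENCRYPTED"):
                encrypted = True
            elif name == "DEK-Info":
                cipher = value.strip().split(",")[0]
        return ("traditional", encrypted, cipher)
    raise ValueError("no private key PEM block found")


def loadable_per_thread(text):
    """Apply the rule quoted in the thread: PKCS #8, or unencrypted."""
    container, encrypted, _ = classify_pem_key(text)
    return container == "pkcs8" or not encrypted


# Constructed sample: header lines as posted in the thread, placeholder body.
SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,CA6CC40CD8CF4D0C802B925FC4EAAE91

PLACEHOLDERBODYNOTAREALKEY
-----END RSA PRIVATE KEY-----
"""
```

A key flagged as traditional and encrypted can be rewritten as PKCS #8 with `openssl pkcs8 -topk8 -in key.pem -out key.p8.pem`; whether the consuming service can supply a passphrase for an encrypted PKCS #8 key is a separate question the check does not answer.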