help-gnutls

Re: main: TLS init def ctx failed: -1


From: Fredrik Unger
Subject: Re: main: TLS init def ctx failed: -1
Date: Fri, 26 Nov 2010 15:12:50 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.15) Gecko/20101030 Icedove/3.0.10

On 11/26/2010 02:21 PM, Nikos Mavrogiannopoulos wrote:
> On Fri, Nov 26, 2010 at 2:10 PM, Fredrik Unger <address@hidden> wrote:
>> sudo cat /etc/ldap/cert/key.pem
>> -----BEGIN RSA PRIVATE KEY-----
>> Proc-Type: 4,ENCRYPTED
>> DEK-Info: AES-256-CBC,CA6CC40CD8CF4D0C802B925FC4EAAE91
>> Is the header the problem?
>
> This is a private openssl format. gnutls accepts keys if they are encrypted with
> PKCS #8 or if they are unencrypted.

Thanks,
with an unencrypted key gnutls-serv works,
openldap unfortunately still does not start.

After looking into the openldap source code I have come to the conclusion that it fails somewhere inside the if-branch that starts at line 350 of tls_g.c
(random browsable code from the internet.. )

http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/openldap/openldap-2.4.21/libraries/libldap/tls_g.c#350

since if for example the key in the configuration is left out it fails with the "TLS: only one of certfile and keyfile specified" debug statement.

I guess my only option now is to instrument that part with debug information to see which return -1 triggers the error.
Or can I turn on some gnutls flag that prints debug information?

Thank you for your help.

/Fred
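
Added example (not part of the original message, and not GnuTLS or OpenLDAP code): a check that separates the traditional OpenSSL encrypted PEM form shown in the quoted key header from PKCS #8 and unencrypted keys, which the quoted reply says gnutls accepts. The function names and the sample keys are constructed for illustration, and `accepted_per_reply` encodes only what that reply states.

```python
import re

def _pem(label, headers=""):
    # Constructed sample: the base64 body is a placeholder, not a real key.
    return f"-----BEGIN {label}-----\n{headers}Q09OU1RSVUNURUQ=\n-----END {label}-----\n"

SAMPLES = {
    "openssl_encrypted": _pem("RSA PRIVATE KEY",
        "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC," + "0" * 32 + "\n\n"),
    "openssl_plain": _pem("RSA PRIVATE KEY"),
    "pkcs8_encrypted": _pem("ENCRYPTED PRIVATE KEY"),
    "pkcs8_plain": _pem("PRIVATE KEY"),
}

PEM_KEY = re.compile(
    r"-----BEGIN ((?:[A-Z0-9]+ )?PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem_key(text):
    """Return (container, encrypted) for the first private key block in text."""
    m = PEM_KEY.search(text)
    if not m:
        raise ValueError("no PEM private key block found")
    label, body = m.group(1), m.group(2)
    # PKCS #8 announces encryption in the armor label itself.
    if label == "ENCRYPTED PRIVATE KEY":
        return ("pkcs8", True)
    if label == "PRIVATE KEY":
        return ("pkcs8", False)
    # Traditional OpenSSL blocks (RSA/DSA/EC) signal encryption with
    # "Name: value" headers placed before the base64 body.
    headers = {}
    for line in body.splitlines():
        if ":" not in line:  # blank line or base64 data ends the header area
            break
        name, value = line.split(":", 1)
        headers[name.strip()] = value.strip()
    proc_type = headers.get("Proc-Type", "").replace(" ", "").upper()
    return ("traditional", proc_type == "4,ENCRYPTED")

def accepted_per_reply(text):
    """True for PKCS #8 (encrypted or not) and for unencrypted keys."""
    container, encrypted = classify_pem_key(text)
    return not (container == "traditional" and encrypted)

if __name__ == "__main__":
    for name, pem in SAMPLES.items():
        print(name, classify_pem_key(pem), accepted_per_reply(pem))
```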




