delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2019/08/05/08:23:26

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:mime-version:references:in-reply-to:from:date
:message-id:subject:to:content-type; q=dns; s=default; b=ZTfpxMy
FhuUC4ebqRMEddrrdQE470+OZFwZ35xw3qPR/EKuEBwqmxq4847zpI3N2xwuRniM
buJvss1MPyuzDKWZnwqOAoDC2mSWR1MCUr2AfvaLi4XMPKaT/3U5Zq46GWHT+0cj
QC2dLRv0oo2yUHti3Onv752i63HOsNPmoF+4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:mime-version:references:in-reply-to:from:date
:message-id:subject:to:content-type; s=default; bh=VkDv6IJcVNpCm
AzmNSJGmdO+WmM=; b=kKJU3oKtLScMeBPSEOAH55j2D+N4G+RGoSN36M6kpPvLB
MexlF8CVEK07CLmalNV7RgtmgWm41/HAB2U+2nPxkqw1z7p+FzD/7pCMjt1mhsx5
9PDE4mQjsNG31SJRpWUsPs4LlEqHDp8o5nZkqEsKavdbduRz1DdxjIhDEPwtaA=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.1 spammy=wave, certificate, ssl, cert
X-HELO: mail-qk1-f169.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=/Sf4vt2h32zi5GlptcVyFf+gZ6oU1Ix+GYswaisJDAM=; b=mRKZKZ9CoVnpQj5/BWKIa1SuUmCE0eh1YOSj1XTBpczrBRDvihkwd9+FB0YLDan+fI gZd6vmLPzKEx3Z7WbFn2/ngsnmvHPnVDryN5joFjN4S2ml56JAWyfArl83jg+9+3cD7U r1Uw/xuz7NfhxdccaI2iIrCOZRqO3etnP37T0T+99OnY4Tw08Q52ox9tyaNy3kOoDtDo RpQgkX+24rtiPbaC48L3GFjypDxNQnSjpkE7Qwp+KorzVc+HJvI+UNgiGYdhBZ7OnPOg OW9nE2uj2UGCRRh5sr2AAPcTzavM0ZXeFI2F2kyqlVRR6SbZwazzFHxlPxtu0AM9BKNc aRyQ==
MIME-Version: 1.0
References: <CAN9EdkY=zrEv31+PD8XXu9rVw4H_eXLEoMk5u=7H02Q1Xu7-Wg AT mail DOT gmail DOT com> <87ftmje5zb DOT fsf AT Rainer DOT invalid> <CAN9EdkYzh558w=CG3UkzgN0rg98eVx2V0BcdktEwVEW3dS1qCQ AT mail DOT gmail DOT com> <874l2y4ulo DOT fsf AT Rainer DOT invalid>
In-Reply-To: <874l2y4ulo.fsf@Rainer.invalid>
From: David Goldberg <dsg18096 AT gmail DOT com>
Date: Mon, 5 Aug 2019 08:22:18 -0400
Message-ID: <CAN9EdkYG1aFnaMAPM3jg=0psRoiS1rF7Hze618UYj1mHByjKbg@mail.gmail.com>
Subject: Re: Openldap 2.4.48-1 vs my company's pki
To: cygwin AT cygwin DOT com
X-IsSubscribed: yes 

Sorry, was away from work over the weekend. I just tested with openssl
s_client and it works just fine.  Version is 1.1.1.  there is no self
signed certificate. It's signed with the company pki rather than commercial
and I've properly installed that chain. The problem send to be with the new
build, at least the weird ldd output leads me to that conclusion. I'll try
to find some time to build from source and see if it works.

Thanks

On Sat, Aug 3, 2019, 02:43 Achim Gratz <Stromeko AT nexgo DOT de> wrote:

> David Goldberg writes:
> > Thanks but unfortunately even after don't that I still get the complaint
> > that they're is a self signed certificate in the chain. We do indeed run
> > our own CA but it seems like that should not really be a problem.
>
> Wait, are you saying you do run a private CA, but the LDAP server cert
> is not certified through it?  Running
>
> openssl s_client -connect ldap:9010
>
> shows the certificate chain as seen by openssl and would tell you if
> you've registered the right cert to trust.  You can compare this to what
> ldapsearch outputs when run with a sufficiently high debuglevel to see
> if there's some obvious mismatch that would indicate a configuration
> error somewhere.  As a last resort you can run
>
> env LDAP_REQCERT=never ldapsearch ...
>
> to skip the certificate check and see if that at least works.  But you
> said it worked before, so that might not be the problem here...
>
> So let me guess that you need to point your ldap.conf to
> /etc/pki/... instead of /etc/ssl/... (which was the earlier default).
>
> Also, please read the update announcement about the state of the server
> components (if you use them).
>
>
> Regards,
> Achim.
> --
> +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
>
> Wavetables for the Terratec KOMPLEXER:
> http://Synth.Stromeko.net/Downloads.html#KomplexerWaves
>
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>
>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019