X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:references:date:in-reply-to
	:message-id:mime-version:content-type; q=dns; s=default; b=pRaV1
	36am/ESANRUz+ENGnv0HqTc4X1xiPnz1n3FnXJaK6RfJfXMnIXEUI//dBH7MRGxO
	TgUBdi2Ys/MWi9LnwI/je2Q7assSnbf3Vs682vzMgEmcxE/JY2Vru/D59Ed0mQrm
	LQTOhv1A3XNi1/9DUS93jcXAVedPZLR8XAKAPI=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:references:date:in-reply-to
	:message-id:mime-version:content-type; s=default; bh=teQKyx9a+6m
	8UFjG/CoWZvrfQco=; b=YU/gF2V3BDLjFCKKYrWWoNowYGzWhYD4Vu+IqYE/G0x
	ySotIYatpUY+LjmJxDhcWJxKq1q3DGu3kvKdk4iTzOMMiUI9STs61/Xdjv2XrGqK
	KtfYD/bwU9DaOfdw7mi44CFTUZBHZxw0F42tWSExSJn4Hm5IQobNpvn00S3iPpwo
	=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.1 spammy=services, HX-Spam-Relays-External:ESMTPA
X-HELO: vsmx012.vodafonemail.xion.oxcs.net
From: Achim Gratz <Stromeko AT nexgo DOT de>
To: cygwin AT cygwin DOT com
Subject: Re: Openldap 2.4.48-1 vs my company's pki
References: <CAN9EdkY=zrEv31+PD8XXu9rVw4H_eXLEoMk5u=7H02Q1Xu7-Wg AT mail DOT gmail DOT com>
Date: Fri, 02 Aug 2019 21:12:56 +0200
In-Reply-To: <CAN9EdkY=zrEv31+PD8XXu9rVw4H_eXLEoMk5u=7H02Q1Xu7-Wg@mail.gmail.com>	(David Goldberg's message of "Fri, 2 Aug 2019 11:45:40 -0400")
Message-ID: <87ftmje5zb.fsf@Rainer.invalid>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain

David Goldberg writes:
> I updated openldap from 2.4.42-1 to 2.4.48-1 this morning and now
> ldapsearch will not connect, complaining that the server provided
> certificate is self signed. I have set up /etc/pki with my company's
> certificate chain and that allows 2.4.42-1 (and earlier) and other
> applications to properly authenticate local services.

The PKI layout was slightly changed a while ago and the newer openssl
library used by the fresh openldap build may not pick up on the old
locations anymore.  What you should do is place the certificates into
the /etc/pki/ca-trust/source/anchors/ directory, then run

# update-ca-trust extract

which should correctly populate the directories that the libaries and
applications use.



Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Wavetables for the Terratec KOMPLEXER:
http://Synth.Stromeko.net/Downloads.html#KomplexerWaves

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple