Hi all,
I've managed to get dovecot running with ldaps (ssl over port 636, not
starttls).
Btw, it's working right only if I specify "TLSVerifyClient never"
in my slapd.conf.
With any other parameter (like "TLSVerifyClient demand"), the bind
fails with:
connection_get(12)
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(12)
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate /usr/src/lib/libssl/src/ssl/s3_srvr.c:2004
connection_read(12): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=12 for close
connection_close: conn=0 sd=12
Is there a way to specify, in the dovecot-ldap.conf file, where to look for the
client certificate and key files? Or maybe make dovecot parse the ldaprc file
under /etc?
Best Regards,
David