main: TLS init def ctx failed: -1
Fredrik Unger
fred at ludd.ltu.se
Fri Nov 26 15:12:50 CET 2010
On 11/26/2010 02:21 PM, Nikos Mavrogiannopoulos wrote:
> On Fri, Nov 26, 2010 at 2:10 PM, Fredrik Unger<fred at ludd.ltu.se> wrote:
>> sudo cat /etc/ldap/cert/key.pem
>> -----BEGIN RSA PRIVATE KEY-----
>> Proc-Type: 4,ENCRYPTED
>> DEK-Info: AES-256-CBC,CA6CC40CD8CF4D0C802B925FC4EAAE91
>> Is the header the problem ?
> This is a private openssl format. gnutls accepts keys if they are encrypted with
> PKCS #8 or if they are unencrypted.
Thanks,
with unencrypted key gnutls-serv works,
openldap does unfortunately still not start.
After looking into the openldap source code I have come to the
conclusion that it fails somewhere inside the if-branch that starts at
line 350 of tls_g.c
(random browsable code from the internet.. )
http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/openldap/openldap-2.4.21/libraries/libldap/tls_g.c#350
since if for example the key in the configuration is left out it fails
with the "TLS: only one of certfile and keyfile specified" debug statement.
I guess my only option now is to instrument that part with debug
information to see what return -1 triggers the error.
Or can I turn on some gnutls flag that prints debug information ?
Thank you for your help.
/Fred
More information about the Gnutls-help
mailing list