Trouble with SSL/TLS-connection to ldap
已查看 322 次
跳至第一个未读帖子
Trond Kandal
2015年4月14日 07:55:272015/4/14
收件人 simple...@googlegroups.com、trond....@ntnu.no
Hello, everybody.
For some reason the connection to a ldap-server always result in the
follow error-message:
...
... slapd[6175]: conn=2219 fd=17 closed (TLS negotiation failure)
...
I have tried with openssl s_client:
$ openssl s_client -host <hostname> -port <port>
...
Verify return code: 19 (self signed certificate in certificate chain)
....
And then I tried with:
...
openssl s_client -host <hostname> -port <port> -CApath /some/path/to/all/ca-certs
...
Verify return code: 0 (ok)
...
I then edited the php.ini-file and added the following.
...
openssl.capath=/some/path/to/all/ca-certs
...
But I get the same error from the ldap-server.
Is there anybody who has experienced the same and is able to tell me the solution?
Thank you very much.
Regards
Trond.
Jaime Perez Crespo
2015年6月5日 04:09:182015/6/5
收件人 simple...@googlegroups.com
Hi Trond!
I assume you restarted the web server after editing php.ini, right?
If it’s still not working, I would say it’s an issue with the php.ini file you are editing. I also see this option was introduced in PHP 5.6. Is that the version you are running?
> --
> You received this message because you are subscribed to the Google Groups "simpleSAMLphp" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to simplesamlph...@googlegroups.com.
> To post to this group, send email to simple...@googlegroups.com.
> Visit this group at http://groups.google.com/group/simplesamlphp.
> For more options, visit https://groups.google.com/d/optout.
--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no
"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost
I assume you restarted the web server after editing php.ini, right?
If it’s still not working, I would say it’s an issue with the php.ini file you are editing. I also see this option was introduced in PHP 5.6. Is that the version you are running?
> You received this message because you are subscribed to the Google Groups "simpleSAMLphp" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to simplesamlph...@googlegroups.com.
> To post to this group, send email to simple...@googlegroups.com.
> Visit this group at http://groups.google.com/group/simplesamlphp.
> For more options, visit https://groups.google.com/d/optout.
--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no
"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost
Trond Kandal@gmail.com
2015年6月5日 11:29:542015/6/5
收件人 simple...@googlegroups.com
> On 05 Jun 2015, at 10:09, Jaime Perez Crespo <jaime...@uninett.no> wrote:
>
> Hi Trond!
>
> I assume you restarted the web server after editing php.ini, right?
>
> If it’s still not working, I would say it’s an issue with the php.ini file you are editing. I also see this option was introduced in PHP 5.6. Is that the version you are running?
Thank You very much for the answer,- but I have given up this work now
and moved on to another project. Thank You very much anyhow. :)
Have a very nice weekend.
Trond Kandal.
回复全部
回复作者
转发
0 个新帖子