[Bug 381791] Re: LDAP::SSLConn from ruby fails, probably from not seeing cert

Xeno Campanoli xeno at eskimo.com
Tue Jun 2 00:27:02 UTC 2009


Okay, this is probably important to add:

On the Ubuntu server machines I'm using, when I do a plain openssl call
like so:

openssl s_client -connect ipaddr:port

where ipaddr and port are definitely correct and shown to work in all
other ways with the ldap server we are trying to configure, we get data
back with the following ending:

SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 46AEE896A3CB7B0C0044D1169EA9672E769D7BF64194F96D8378D08D750D60AA
    Session-ID-ctx:
    Master-Key: FEADCD684F8CCEEA674C2D725D6BB5E4C1716B877C2B6B176E1C5BD0590D0CDFA28CC93BEB07548C997BD6B2FAB7009F
    Key-Arg   : None
    Start Time: 1243885042
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---snip---

so a 19, and supposedly we don't have a nice cert.  But the cert is
there, and when I specify it thus:

openssl s_client -connect ipaddr:port -CAfile $certpath

I get output indicating normal access to our cert:

SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 46AECE8C1C97B9CE8D0547CD2FFF0DB787B11E90A2E4387A430CBEB3996BA67C
    Session-ID-ctx:
    Master-Key: 57B5AD4C296C9B0987539FB728F6ADBC7C6A9C579F0E119E87F7B621769D738053220479ADBA5E811EB163E273D5034E
    Key-Arg   : None
    Start Time: 1243888048
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
snip----

so a zero; unixy success.  So, it seems to me there is a seriously
likely guess to be made here since the responses I got back are similar
in wording from openssl and the LDAPpy API to ruby.  I hope this helps.
xc

-- 
 LDAP::SSLConn from ruby fails, probably from not seeing cert
https://bugs.launchpad.net/bugs/381791
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
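
The two s_client results in the message above (verify return code 19 without -CAfile, 0 with it) can be reproduced offline with Ruby's OpenSSL bindings. This is an added example, not part of the original message or of the ruby-ldap code; the certificates, host name and helper functions are constructed for illustration.

```ruby
require "openssl"
require "tempfile"

# Build a constructed test certificate. With no issuer it is self-signed.
def make_cert(cn, key, issuer = nil, issuer_key = nil, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                      # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(
    ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify a leaf plus the chain the server presented. The store starts
# empty (no system defaults); ca_file plays the role of `-CAfile`.
def verify_code(leaf, presented_chain, ca_file = nil)
  store = OpenSSL::X509::Store.new
  store.add_file(ca_file) if ca_file
  store.verify(leaf, presented_chain)
  store.error                           # same number s_client prints
end

# Constructed scenario: a private CA signs the server certificate and the
# server sends both, as in the "self signed certificate in certificate
# chain" case from the message.
def demo_codes
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("Constructed Test CA", ca_key, ca: true, serial: 1)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  leaf = make_cert("ldap.example.test", leaf_key, ca, ca_key, serial: 2)
  Tempfile.create("ca") do |f|
    f.write(ca.to_pem)
    f.flush
    [verify_code(leaf, [ca]), verify_code(leaf, [ca], f.path)]
  end
end

CODES = demo_codes
puts "without CA file: #{CODES[0]}, with CA file: #{CODES[1]}"
```

In a Ruby TLS client the same trust anchor is supplied through OpenSSL::SSL::SSLContext#ca_file with verify_mode set to OpenSSL::SSL::VERIFY_PEER.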



