On Tue, Dec 21, 2010 at 17:13:27 +0100, Nirgal Vourgère wrote:
> Support for TLS_CACERTDIR has been broken. See bug 513270
>
> I had a similar problem.
> Using an explicit TLS_CACERT with the specific crt/pem file works around.

Note that as it copies certificates into the /etc/ssl/certs directory, the update-ca-certificates command also creates a single large file /etc/ssl/certs/ca-certificates.crt containing copies of all of those certificates. Thus the OP may be able to use the line

  TLS_CACERT /etc/ssl/certs/ca-certificates.crt

in place of the original

  TLS_CACERTDIR /etc/ssl/certs

line to achieve the goal of having the LDAP clients validate successfully against servers using certificates issued by both his own root CA and by "proper CA certs".

(The update-ca-certificates command is included in the ca-certificates package, and is called automatically by that package's postinst script [but can be run manually as well; see the man page for more info].)

Nathan
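
An added example, not part of the original message or of the ca-certificates package: a check that ldap.conf points at a CA bundle via TLS_CACERT and that a locally issued root CA is actually present in that bundle, compared by SHA-256 fingerprint of each PEM block. The helper names and the sample data are constructed for illustration; the "certificates" are arbitrary bytes, not real X.509 data.

```python
import base64
import hashlib
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 fingerprint of the decoded bytes of every PEM block in the text."""
    return {hashlib.sha256(base64.b64decode(body)).hexdigest()
            for body in PEM_RE.findall(pem_text)}

def missing_from_bundle(bundle_text, ca_text):
    """Fingerprints of CA certificates that are NOT present in the bundle."""
    return fingerprints(ca_text) - fingerprints(bundle_text)

def tls_ca_options(ldap_conf_text):
    """Return the TLS_CACERT / TLS_CACERTDIR values set in ldap.conf text."""
    found = {}
    for line in ldap_conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            name = parts[0].upper()  # option names are case-insensitive
            if name in ("TLS_CACERT", "TLS_CACERTDIR"):
                found[name] = parts[1].strip()
    return found

def to_pem(der):
    """Wrap raw bytes in a PEM CERTIFICATE block (64-column base64)."""
    b64 = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed stand-ins: arbitrary bytes, not real certificates.
LOCAL_CA = to_pem(b"constructed local root CA" * 8)
PUBLIC_CA = to_pem(b"constructed public CA" * 8)
OTHER_CA = to_pem(b"constructed CA never installed" * 8)
BUNDLE = PUBLIC_CA + LOCAL_CA  # stands in for ca-certificates.crt
LDAP_CONF = "# constructed sample\nTLS_CACERT /etc/ssl/certs/ca-certificates.crt\n"

if __name__ == "__main__":
    print(tls_ca_options(LDAP_CONF))
    print("missing:", missing_from_bundle(BUNDLE, LOCAL_CA) or "none")
    print("missing:", missing_from_bundle(BUNDLE, OTHER_CA))
```

On a real system, pass the contents of /etc/ssl/certs/ca-certificates.crt and of the local root CA's PEM file to missing_from_bundle(); an empty result means the bundle named by TLS_CACERT already carries that CA.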