I'm cross posting this to crypto and ldap in the hopes nobody else will waste months of effort on a simple issue :)
Those of you that frequent these boards have probably seen several posts from me dating back to January regarding problems with client authentication and Sun directory server. We've been trying to set up our apps using Mozilla Java and C APIs and have them authenticate using SASL / External. The problem was when multiple users would run at the same time, one of them would fail to authenticate on the directory server and return error "-12271: SSL peer cannot verify your certificate".

The problem was with the directory server (5.2 patch 4, Solaris 8) and how it handles client certificates (or possibly in how we created the certificates). Apparently if the same DS machine receives two certificates at the same time with the same serial number value, only one will be successfully processed and the other will return the error above. This was pointed out to us by a Sun engineer, and it wasn't clear if this is a bug in the version or if this is how DS was intended to work. Regardless, once we changed each user's cert to have a unique serial number the problem disappeared.

Mike
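One way to audit a set of issued client certificates for the condition described above: certificates that share both issuer and serial number. This is an added example, not part of the original post; the function names are illustrative and the sample input is skeletal DER built inline, not real certificates.

```python
from collections import defaultdict

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value, end_offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def issuer_and_serial(cert_der):
    """Return (issuer Name as DER bytes, serial as int) for an X.509 cert."""
    _, cert, _ = read_tlv(cert_der, 0)       # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)            # tbsCertificate ::= SEQUENCE
    tag, value, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                          # optional [0] EXPLICIT version
        tag, value, pos = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    serial = int.from_bytes(value, "big", signed=True)
    _, _, issuer_start = read_tlv(tbs, pos)  # skip signature AlgorithmIdentifier
    _, _, issuer_end = read_tlv(tbs, issuer_start)
    return tbs[issuer_start:issuer_end], serial

def duplicate_serials(certs):
    """Map (issuer, serial) -> names, for pairs used by more than one cert."""
    seen = defaultdict(list)
    for name, der in certs.items():
        seen[issuer_and_serial(der)].append(name)
    return {key: names for key, names in seen.items() if len(names) > 1}

# Constructed sample input: skeletal DER holding only the fields parsed above.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body    # short-form lengths only (< 128)

def fake_cert(issuer_cn, serial):
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, issuer_cn))))
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial])) + alg + name)
    return tlv(0x30, tbs)

SAMPLE = {
    "alice": fake_cert(b"Example CA", 1),
    "bob": fake_cert(b"Example CA", 1),      # same issuer and serial as alice
    "carol": fake_cert(b"Example CA", 2),
    "dave": fake_cert(b"Other CA", 1),       # serial 1 under a different issuer
}
```

Real certificates in PEM form can be converted with `ssl.PEM_cert_to_DER_cert` before being passed to `duplicate_serials`.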