ID:               18049
 User updated by:  [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Feedback
+Status:           Open
 Bug Type:         LDAP related
 Operating System: Windows 2000 Advanced Server
 PHP Version:      4.2.1
 Assigned To:      edink
 New Comment:

In the last week I did some testing. I used PHP 4.2.3 with your
php_ldap.dll on Win2000 and Apache 1.3.26. The OpenLDAP-server (slapd)
was running on Linux and Win2000, but I get the same results on both
platforms. I created the configuration-file
"C:\OpenLDAP\sysconf\ldap.conf" (I saw that string in php_ldap.dll) on
the machine where PHP is running. In this file I put the
TLS_REQCERT-directive and tested with all 4 possible values:

never, allow: seems to work
try, demand: does not work, PHP always sends a client certificate,
which the LDAP-server can't accept (see above).
But there is no client certificate configured!?


Previous Comments:
------------------------------------------------------------------------

[2002-10-03 19:10:46] [EMAIL PROTECTED]

From: http://www.openldap.org/doc/admin/tls.html

"11.2.2.6. TLS_REQCERT { never | allow | try | demand }

This directive is equivalent to the server's TLSVerifyClient option.
However, for clients the default value is demand and there generally
is no good reason to change this setting."

(I don't have any server setup so I can't test this myself now)


------------------------------------------------------------------------

[2002-10-03 07:27:12] [EMAIL PROTECTED]

Thank you for compiling the dll with ssl-support.
It seems to work so far.
But now I have the problem that PHP always wants to send a client
certificate, even with "TLSVerifyClient never" in slapd.conf. In the
debug-console of the LDAP-server I can read:

TLS trace: SSL3 alert read:fatal:unknown
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
s3_pkt.c:964

Where can I configure that PHP should not send a client certificate,
or where do I have to put it?

------------------------------------------------------------------------

[2002-10-02 20:11:46] [EMAIL PROTECTED]

Could you please try:

http://ftp.proventum.net/pub/php/win32/temp/php_4.2.x_ldap.zip

------------------------------------------------------------------------

[2002-10-01 20:48:07] [EMAIL PROTECTED]

Assigning to Edin, so he remembers to look into enabling the ssl
support for snapshots/releases.


------------------------------------------------------------------------

[2002-07-22 12:05:54] [EMAIL PROTECTED]

Is really no one able to compile this dll with ssl-support?

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/18049

-- 
Edit this bug report at http://bugs.php.net/?id=18049&edit=1
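
Added example, not part of the bug report and not PHP or OpenLDAP code: per ldap.conf(5), TLS_REQCERT sets how the client checks the server's certificate, so the values tested in the newest comment differ in what the client tolerates. This sketch audits an ldap.conf for that setting; the function names, the sample file contents and the cacert.pem path are constructed for illustration.

```python
# Added example: audit an OpenLDAP client ldap.conf for server-certificate checking.
# Level semantics follow ldap.conf(5); all sample file contents are constructed.

# True if the client ends the session when the server presents a bad certificate.
REJECTS_BAD_CERT = {
    "never": False,   # certificate is not requested or checked
    "allow": False,   # requested, but a missing or bad certificate is ignored
    "try": True,      # a bad certificate ends the session, a missing one does not
    "demand": True,   # a missing or bad certificate ends the session
    "hard": True,     # synonym for demand
}
DEFAULT_LEVEL = "demand"  # client default when the directive is absent


def parse_ldap_conf(text):
    """Return {OPTION: value}; option names are upper-cased, '#' lines are comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Assumption of this sketch: a repeated option keeps its last value.
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def audit(text):
    """Return (effective TLS_REQCERT level, list of findings) for one ldap.conf."""
    opts = parse_ldap_conf(text)
    level = opts.get("TLS_REQCERT", DEFAULT_LEVEL).lower()
    if level not in REJECTS_BAD_CERT:
        return level, ["unknown TLS_REQCERT value"]
    findings = []
    has_ca = "TLS_CACERT" in opts or "TLS_CACERTDIR" in opts
    if not REJECTS_BAD_CERT[level]:
        findings.append("server certificate is not enforced; "
                        "an impostor server would be accepted")
    elif not has_ca:
        findings.append("verification is enforced but this file sets no "
                        "TLS_CACERT or TLS_CACERTDIR to validate the server against")
    return level, findings


# Constructed samples: weak setting, enforced without a CA, and enforced with a CA.
WEAK = "# test setup\nTLS_REQCERT never\n"
NO_CA = "tls_reqcert demand\n"
GOOD = "TLS_CACERT C:\\OpenLDAP\\sysconf\\cacert.pem\nTLS_REQCERT demand\n"

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("NO_CA", NO_CA), ("GOOD", GOOD)):
        print(name, audit(conf))
```
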
