From: Achim Gratz
To: cygwin@cygwin.com
Subject: Re: Openldap 2.4.48-1 vs my company's pki
Date: Fri, 02 Aug 2019 19:13:00 -0000
Message-ID: <87ftmje5zb.fsf@Rainer.invalid>

David Goldberg writes:

> I updated openldap from 2.4.42-1 to 2.4.48-1 this morning and now
> ldapsearch will not connect, complaining that the server provided
> certificate is self signed. I have set up /etc/pki with my company's
> certificate chain and that allows 2.4.42-1 (and earlier) and other
> applications to properly authenticate local services.

The PKI layout was slightly changed a while ago and the newer openssl
library used by the fresh openldap build may not pick up on the old
locations anymore. What you should do is place the certificates into
the /etc/pki/ca-trust/source/anchors/ directory, then run

  # update-ca-trust extract

which should correctly populate the directories that the libraries and
applications use.

Regards,
Achim.
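
The two steps from the reply as a script, added here as an example and not part of the original message: it stages PEM CA certificates into the anchors directory, refuses files that carry private key material, rebuilds the trust store and checks each certificate against the extracted bundle. The bundle path, the `--run` switch and the function names are assumptions for illustration; only the anchors directory and `update-ca-trust extract` come from the message.

```sh
#!/bin/sh
# Added example, not from the original message.
ANCHORS=${ANCHORS:-/etc/pki/ca-trust/source/anchors}
# Assumed location of the extracted PEM bundle (Fedora-style layout).
BUNDLE=${BUNDLE:-/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem}

# stage_anchor FILE: copy one PEM CA certificate into $ANCHORS.
# Returns 2 if FILE is unreadable, 3 if it holds no PEM certificate,
# 4 if it also holds a private key (key material never belongs in a
# trust store), 1 if the copy fails. DER input is not handled here.
stage_anchor() {
    [ -r "$1" ] || return 2
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || return 3
    if grep -q -e 'PRIVATE KEY-----' "$1"; then return 4; fi
    cp -- "$1" "$ANCHORS/" || return 1
}

# verify_anchor FILE: confirm the certificate validates against the
# extracted bundle, i.e. the store the TLS libraries will consult.
verify_anchor() {
    openssl verify -CAfile "$BUNDLE" "$1"
}

# Run only when invoked as: script --run root-ca.pem [issuing-ca.pem ...]
if [ "${1:-}" = "--run" ]; then
    shift
    for f in "$@"; do
        stage_anchor "$f" || { echo "rejected: $f (code $?)" >&2; exit 1; }
    done
    update-ca-trust extract || exit 1
    for f in "$@"; do
        verify_anchor "$f" || { echo "not trusted: $f" >&2; exit 1; }
    done
fi
```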