From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 124345 invoked by alias); 2 Aug 2019 20:08:35 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 124338 invoked by uid 89); 2 Aug 2019 20:08:35 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.1 spammy=Gratz, H*c:alternative, UD:cygwin.com, cygwincom X-HELO: mail-qt1-f172.google.com Received: from mail-qt1-f172.google.com (HELO mail-qt1-f172.google.com) (209.85.160.172) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 02 Aug 2019 20:08:33 +0000 Received: by mail-qt1-f172.google.com with SMTP id r6so70952480qtt.0 for ; Fri, 02 Aug 2019 13:08:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=QLAapD/tKPi8YuLcdPMHqOtf4sumS6Zi3HqbGBtAgAo=; b=QQl+BY89jPPbFKHxJQHK3leTNYsSoa3yG/H/B24jgl4GO1wuFt3v79debhAnwIvWxQ z5Hun3J/zjLsVPJwuRI1fJM/j+JtD9ptP/IoPBZhFkkDEnd+IokCs9fM+zNuQyouMrsQ lW3wjKrVmYM/VpReMppGfkI1EQh+41/v1nzMuoAjrL+X7oimtTIPIML95lgp7bv4uqbw w0BU1b3zKOFQ7kESEC47RFahP7k85SKhSjUrSgm2yIaHsvU8TORLIqeWg54UYWlELAns na0RIOXIdllzWoNQF7bvUGiwRH89httnICg6Zfu/wBAySgWhuDondUmCbJ/IKiKed7UW udFQ== MIME-Version: 1.0 References: <87ftmje5zb.fsf@Rainer.invalid> In-Reply-To: <87ftmje5zb.fsf@Rainer.invalid> From: David Goldberg Date: Fri, 02 Aug 2019 20:08:00 -0000 Message-ID: Subject: Re: Openldap 2.4.48-1 vs my company's pki To: cygwin@cygwin.com Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes X-SW-Source: 2019-08/txt/msg00029.txt.bz2 Thanks but unfortunately even after don't that I still get the complaint that they're is a self signed certificate in the chain. We do indeed run our own CA but it seems like that should not really be a problem. On Fri, Aug 2, 2019, 15:13 Achim Gratz wrote: > David Goldberg writes: > > I updated openldap from 2.4.42-1 to 2.4.48-1 this morning and now > > ldapsearch will not connect, complaining that the server provided > > certificate is self signed. I have set up /etc/pki with my company's > > certificate chain and that allows 2.4.42-1 (and earlier) and other > > applications to properly authenticate local services. > > The PKI layout was slightly changed a while ago and the newer openssl > library used by the fresh openldap build may not pick up on the old > locations anymore. What you should do is place the certificates into > the /etc/pki/ca-trust/source/anchors/ directory, then run > > # update-ca-trust extract > > which should correctly populate the directories that the libaries and > applications use. > > > > Regards, > Achim. > -- > +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ > > Wavetables for the Terratec KOMPLEXER: > http://Synth.Stromeko.net/Downloads.html#KomplexerWaves > > -- > Problem reports: http://cygwin.com/problems.html > FAQ: http://cygwin.com/faq/ > Documentation: http://cygwin.com/docs.html > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > > -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple