Jason Stelzer cynic at elitistbastard.com
Tue Jul 11 22:12:34 CEST 2006

On Jul 10, 2006, at 6:24 AM, Jari Majander wrote:

> Hello,
> I am trying to connect to an OpenLDAP server from Roundcube using SSL.
> However, the SSL connection is never properly initialized due to error 81 from
> the LDAP server. If I try
> openssl s_client -connect ldap.example.com:636 -showcerts -state -ssl3 -CAfile cacerts.pem

This doesn't sound like a Roundcube issue. What you probably need to
do is import the self-signed cert/CA into your ca-bundle. This file
lists all the trusted sources for certs. If the cert can't be trusted,
the connection shouldn't be opened, thus you have the failure mode
you describe.

In the above example you're specifying a CAfile; if you don't do that
you'll see that openssl doesn't consider your self-signed cert valid.
Depending on operating system you'll need to figure out where your
list of trusted certs is kept and append the PEM format of your CA to
it. Then, you should be able to connect via openssl without
specifying a CAfile and the PHP LDAP bind should work. Back up files
before changing them :)
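
The procedure described in the reply above, as an added shell example that is not part of the original message: back up the bundle, append the CA in PEM form, and confirm with openssl that it now verifies. The function names, the `.bak` suffix and the throwaway CA built in `demo` are assumptions made for illustration; the real bundle path depends on the operating system.

```shell
#!/bin/sh
# Added example; add_ca_to_bundle and demo are hypothetical helper names.

# Append the certificate in $1 (PEM) to trust bundle $2, keeping a backup.
add_ca_to_bundle() {
    ca_pem=$1
    bundle=$2

    # Refuse input that does not parse as an X.509 certificate.
    if ! openssl x509 -in "$ca_pem" -noout 2>/dev/null; then
        echo "not a PEM certificate: $ca_pem" >&2
        return 2
    fi

    # Nothing to do if the certificate already verifies with this bundle.
    if openssl verify -CAfile "$bundle" "$ca_pem" >/dev/null 2>&1; then
        return 0
    fi

    # Back up first, then append only the certificate block, never any
    # private key that may sit in the same file.
    cp -p "$bundle" "$bundle.bak" || return 1
    { echo; openssl x509 -in "$ca_pem" -outform PEM; } >>"$bundle" || return 1

    # Confirm the result: the certificate must now verify with the bundle.
    openssl verify -CAfile "$bundle" "$ca_pem" >/dev/null 2>&1
}

# Demo on a constructed throwaway CA and bundle: adds the same CA twice and
# prints how many certificates the bundle holds afterwards.
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    echo "# constructed bundle with no certificates yet" >"$dir/ca-bundle.crt"
    add_ca_to_bundle "$dir/ca.pem" "$dir/ca-bundle.crt" || return 1
    add_ca_to_bundle "$dir/ca.pem" "$dir/ca-bundle.crt" || return 1
    grep -c 'BEGIN CERTIFICATE' "$dir/ca-bundle.crt"
    rm -rf "$dir"
}
```

Against a real system bundle, run `add_ca_to_bundle` with sufficient privileges and then repeat the `openssl s_client` test without `-CAfile`.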


