Hi,
We encountered a problem using OpenLDAP with OpenSSL when there was
more than one certificate with the same subject.
In our test setup, there were three self-signed certificates with the
same subject, two of which were expired and one was valid.
When the valid certificate is at <hash>.0, things work fine.
However, when an invalid certificate is at <hash>.0, it fails to connect
to the LDAP server even if the valid certificate is available at
<hash>.1 or <hash>.2.
# openldapsearch -H <server>:636 -x -b "" -s base objectclass=\* namingcontexts
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
The trace of the process shows that all 3 certificates were opened but
X509_verify_cert() returns 0 when an invalid certificate is at <hash>.0.
Does OpenSSL stop searching for a valid certificate when it finds a
certificate with matching DN?
Thank you,
-- misaki
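To make the question concrete, here is a small model of the hashed-directory lookup the message describes. This is an illustrative example added to the thread, not OpenSSL's own code or OpenLDAP's: it assumes a CApath laid out as <hash>.0, <hash>.1, ... (the c_rehash convention), walks the suffixes in order until the first missing file (an assumption about how such a directory is scanned), and contrasts two selection policies over the same three certificates, "first subject match" versus "first currently valid match". The subject hash and the dates are constructed sample values chosen to reproduce the reported situation (expired certificate at .0, valid one at .1).

```python
"""Model of <hash>.N lookup in a c_rehash-style CApath (illustrative, not OpenSSL)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class CertInfo:
    """Minimal certificate metadata needed to model trust-anchor selection."""
    filename: str
    subject: str
    not_before: datetime
    not_after: datetime

    def valid_at(self, when: datetime) -> bool:
        return self.not_before <= when <= self.not_after


def candidate_files(existing_names: Iterable[str], subject_hash: str) -> List[str]:
    """Return <hash>.0, <hash>.1, ... in order, stopping at the first gap.

    Assumption: a hashed directory is walked by incrementing the suffix until
    a file is missing, so a gap hides everything after it."""
    names = set(existing_names)
    out, n = [], 0
    while f"{subject_hash}.{n}" in names:
        out.append(f"{subject_hash}.{n}")
        n += 1
    return out


def select_first_match(by_file: Dict[str, CertInfo], order: List[str],
                       subject: str) -> Optional[CertInfo]:
    """Policy A: take the first file whose subject matches, validity ignored."""
    for name in order:
        cert = by_file[name]
        if cert.subject == subject:
            return cert
    return None


def select_first_valid(by_file: Dict[str, CertInfo], order: List[str],
                       subject: str, when: datetime) -> Optional[CertInfo]:
    """Policy B: keep scanning past matching-but-expired files until a
    currently valid certificate with the wanted subject is found."""
    for name in order:
        cert = by_file[name]
        if cert.subject == subject and cert.valid_at(when):
            return cert
    return None


# Constructed sample mirroring the report: same subject three times,
# .0 and .2 expired, .1 valid. "1a2b3c4d" is a made-up subject hash.
SUBJECT = "CN=ldap.example.test"   # constructed
HASH = "1a2b3c4d"                  # constructed
NOW = datetime(2015, 6, 1, tzinfo=timezone.utc)

SAMPLE: Dict[str, CertInfo] = {
    f"{HASH}.0": CertInfo(f"{HASH}.0", SUBJECT,
                          datetime(2010, 1, 1, tzinfo=timezone.utc),
                          datetime(2012, 1, 1, tzinfo=timezone.utc)),
    f"{HASH}.1": CertInfo(f"{HASH}.1", SUBJECT,
                          datetime(2014, 1, 1, tzinfo=timezone.utc),
                          datetime(2024, 1, 1, tzinfo=timezone.utc)),
    f"{HASH}.2": CertInfo(f"{HASH}.2", SUBJECT,
                          datetime(2012, 1, 1, tzinfo=timezone.utc),
                          datetime(2014, 1, 1, tzinfo=timezone.utc)),
}


def demo() -> tuple:
    """Return (file chosen by policy A, file chosen by policy B) for the sample."""
    order = candidate_files(SAMPLE.keys(), HASH)
    a = select_first_match(SAMPLE, order, SUBJECT)
    b = select_first_valid(SAMPLE, order, SUBJECT, NOW)
    return (a.filename if a else None, b.filename if b else None)


if __name__ == "__main__":
    first, valid = demo()
    print(f"first subject match: {first}   first valid match: {valid}")
```

Running it prints the expired `.0` file under policy A and the valid `.1` file under policy B, which is exactly the difference the trace in the message turns on: a lookup that stops at the first DN match will hand the verifier an expired anchor even though a good one sits at `.1`. The same `candidate_files` walk also shows why renumbering a CApath by hand is risky: removing `.1` while keeping `.2` leaves `.2` unreachable.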
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users