Date: Wed, 25 Nov 2009 10:59:50 -0500 From: Maxim Khitrov <mkhitrov@gmail.com> To: bseklecki@noc.cfi.pgh.pa.us Cc: Free BSD Questions list <freebsd-questions@freebsd.org> Subject: Re: Apache 2.2 mod_ldap refusing to work over SSL/TLS Message-ID: <26ddd1750911250759v269069c8y806ebefaab7f66f4@mail.gmail.com> In-Reply-To: <4B0D5143.1060500@noc.cfi.pgh.pa.us> References: <26ddd1750911190833l2b5ff6beucc652f7ed338c1a@mail.gmail.com> <4B0D5143.1060500@noc.cfi.pgh.pa.us>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Nov 25, 2009 at 10:46 AM, Brian A. Seklecki (CFI NOC) <seklecki@noc.cfi.pgh.pa.us> wrote: > >> As far as I can tell, it doesn't even get to the certificate >> verification phase even though the STARTTLS command is successful. > > Is there any level of debugging that can be increased on the Apache side = ? > =C2=A0Possibly a build/compile-time option for the module? > > Debugging apache code can always be tricky because of the threaded/child > process nature. > > We use mod_authz_ldap and it works "okay", but OpenLDAP an can be a real > beyotch when it comes to SSL/TLS. > > E.g., we feel your pain. =C2=A0The only way out, is through. > > ~BAS I figured it out eventually (see [1]). It's been working without any problems for a few days now. - Max [1] http://lists.freebsd.org/pipermail/freebsd-questions/2009-November/2081= 95.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26ddd1750911250759v269069c8y806ebefaab7f66f4>