main: TLS init def ctx failed: -1

Fredrik Unger fred at ludd.ltu.se
Wed Nov 24 14:50:07 CET 2010


Hi,

I am setting up a openldap deamon (slapd) on a Debian Squeeze box.
Debian is using gnutls.

When using a certificate that works on an older Debian installation
where openssl was linked to openldap it works.

Using the same certificate in the gnutls version results in
main: TLS init def ctx failed: -1
and the server fails to start.

Using ldap with -d -1 (most debug information) nothing new is
provided that can help resolve the issue.

The certificate is created with openssl.
It has an encrypted key, but I have also tried it with
an unencrypted key. Same results.
The permissions are ok for the certificate and key.

What can I do more to figure out what is wrong?

  certtool -i < cert.pem
shows information like  :

Subject Public Key Algorithm: RSA
Signature Algorithm: RSA-SHA

I have tried setting TLSCipherSuite, but to no avail. Not sure what I 
would set it to.

According to http://wiki.debian.org/LDAP/OpenLDAPSetup
"NOTE: On Debian Squeeze openldap is linked with gnutls as well, but 
works just fine with certificate generated by openssl. "

But that does not seems to be the case for me.

Any pointers or information on how I should set up the certificate to
start the slapd deamon ?

/Fred




More information about the Gnutls-help mailing list