main: TLS init def ctx failed: -1

Fredrik Unger fred at
Fri Nov 26 15:12:50 CET 2010

On 11/26/2010 02:21 PM, Nikos Mavrogiannopoulos wrote:
> On Fri, Nov 26, 2010 at 2:10 PM, Fredrik Unger<fred at>  wrote:
>> sudo cat /etc/ldap/cert/key.pem
>> Proc-Type: 4,ENCRYPTED
>> DEK-Info: AES-256-CBC,CA6CC40CD8CF4D0C802B925FC4EAAE91
>> Is the header the problem ?

> This is a private openssl format. gnutls accepts keys if they are encrypted with
> PKCS #8 or if they are unencrypted.

with unencrypted key gnutls-serv works,
openldap does unfortunately still not start.

After looking into the openldap source code I have come to the 
conclusion that it fails somewhere inside the if-branch that starts at 
line 350 of tls_g.c
(random browsable code from the internet.. )

since if for example the key in the configuration is left out it fails 
with the "TLS: only one of certfile and keyfile specified" debug statement.

I guess my only option now is to instrument that part with debug 
information to see what return -1 triggers the error.
Or can I turn on some gnutls flag that prints debug information ?

Thank you for your help.


More information about the Gnutls-help mailing list