From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031030

Description of problem:
Evolution is unable to use SSL/TLS when communicating with an LDAP server for contacts. This worked with Ximian 1.4.5, but does not work with the Fedora Core RPM. The message I get is:

We were unable to open this addressbook. This either means you have entered an incorrect URI, or the LDAP server is unreachable.

Setting 'Use SSL/TLS' to 'Never' allows me to communicate with the LDAP server. Setting it to 'Always' gives the dialog box with the above message, regardless of whether the port is set to 389 or 636.

I did remove all Ximian packages and replaced them with their Fedora equivalents prior to testing this. I also made sure to kill the Evolution background processes, which do not exit when Evolution itself is killed.

Version-Release number of selected component (if applicable):
evolution-1.4.5-7

How reproducible:
Always

Steps to Reproduce:
1. Set up an LDAP server using the evolution.schema and set appropriate ACLs.
2. Create an entry in "Directory Servers" in Evolution and set 'Use SSL/TLS' to 'Always'.
3. Click on the directory entry in "Other Contacts".

Actual Results:
Received the message above; unable to list any contacts.

Expected Results:
Expected to have normal functionality in the LDAP addressbook.

Additional info:
Setting severity to "Security" since not being able to use SSL/TLS when communicating with an LDAP server is a big security problem, for me at least. Feel free to downgrade it if that's not appropriate.

Setting 'TLS_REQCERT' in '/etc/openldap/ldap.conf' to 'allow' fixes this issue with self-signed certs (which also affected GQ and ldapsearch). It's somewhat unexpected, since I only thought the CLI clients used this file, but apparently it's read as part of ldap_init() or ldap_open(). Bug can be closed as far as I am concerned. (Apologies again for setting to 'security'.)
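
An added example, not part of the bug report: a shell check that reports the `TLS_REQCERT` level libldap clients will use from an ldap.conf-style file, run on two constructed files, the `allow` workaround from the comment above and an alternative that names the self-signed certificate in `TLS_CACERT` and keeps `demand`. The certificate path, the sample files and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report: audit the certificate-checking level
# an OpenLDAP client (libldap) will use, given an ldap.conf-style file.

# Effective TLS_REQCERT: the LDAPTLS_REQCERT environment variable overrides
# the file; with neither set, libldap defaults to "demand".
# Assumption: if the option is repeated in the file, the last line wins.
reqcert_level() {
    if [ -n "${LDAPTLS_REQCERT:-}" ]; then
        printf '%s\n' "$LDAPTLS_REQCERT" | tr 'A-Z' 'a-z'
        return
    fi
    awk 'toupper($1) == "TLS_REQCERT" { v = tolower($2) }
         END { print (v == "" ? "demand" : v) }' "$1"
}

# Return 0 when a server certificate that fails verification ends the
# session (demand, hard, try); return 1 for never/allow or unknown values.
audit_ldap_conf() {
    level=$(reqcert_level "$1")
    case "$level" in
        demand|hard|try) echo "$1: TLS_REQCERT=$level (bad certificate rejected)" ;;
        never|allow) echo "$1: TLS_REQCERT=$level (bad certificate accepted)"; return 1 ;;
        *) echo "$1: TLS_REQCERT=$level (unrecognized)"; return 1 ;;
    esac
}

# Constructed sample files: the workaround from the comment, and an
# alternative that trusts the self-signed certificate explicitly.
# /etc/openldap/cacerts/ldap-server.pem is a hypothetical path.
SAMPLES=$(mktemp -d)
WEAK_CONF=$SAMPLES/ldap.conf.workaround
STRICT_CONF=$SAMPLES/ldap.conf.pinned
cat > "$WEAK_CONF" <<'EOF'
# accept the self-signed certificate without verifying it
TLS_REQCERT allow
EOF
cat > "$STRICT_CONF" <<'EOF'
# trust the server's self-signed certificate, keep verification on
TLS_CACERT  /etc/openldap/cacerts/ldap-server.pem
TLS_REQCERT demand
EOF

for f in "$WEAK_CONF" "$STRICT_CONF"; do
    audit_ldap_conf "$f" || true
done
```

Because `/etc/openldap/ldap.conf` is read by the library, the level reported here applies to every libldap client on the host, which matches the comment's observation that Evolution, GQ and ldapsearch were all affected.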