
OpenLDAP+TLS not accepting TLS OID from Perl-Ldap (ITS#1284)



Full_Name: Jim Dutton
Version: 2.0.11
OS: Solaris, FreeBSD, NetBSD
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (131.230.6.142)


It appears that OpenLDAP-2.0.11 + OpenSSL-0.9.6 does not accept the TLS OID
as sent by Perl-Ldap-0.24:


./test_tls_<remotehost>
$VAR1 = bless( {
                 'net_ldap_async' => 0,
                 'net_ldap_resp' => {},
                 'net_ldap_debug' => 1,
                 'net_ldap_host' => '<remotehost>',
                 'net_ldap_version' => 3,
                 'net_ldap_socket' => bless( \*Symbol::GEN0, 'IO::Socket::INET' )
               }, 'Net::LDAP' );
Net::LDAP=HASH(0x805a054) sending:

30 1D 02 01 01 77 18 80 16 31 2E 33 2E 36 2E 31 0....w...1.3.6.1
2E 34 2E 31 2E 31 34 36 36 2E 32 30 30 33 37 __ .4.1.1466.20037

$VAR1 = bless( {
                 'callback' => undef,
                 'parent' => bless( {
                                      'net_ldap_async' => 0,
                                      'net_ldap_resp' => {},
                                      'net_ldap_mesg' => {
                                                           '1' => $VAR1
                                                         },
                                      'net_ldap_debug' => 1,
                                      'net_ldap_host' => '<remotehost>',
                                      'net_ldap_version' => 3,
                                       'net_ldap_socket' => bless( \*Symbol::GEN0, 'IO::Socket::INET' )
                                    }, 'Net::LDAP' ),
                 'mesgid' => 1,
                 'errorMessage' => 'I/O Error 494f3a3a536f636b65743a3a494e45543d474c4f422830783833313764623029',
                 'resultCode' => '1',
                 'pdu' => '0|a``ww?u1.3.6.1.4.1.1466.20037'
               }, 'Net::LDAP::Extension' );



/usr/local/libexec/slapd -d9 -h 'ldaps://<remotehost>:637/'
@(#) $OpenLDAP: slapd 2.0.11-Release (Mon Jul 30 10:17:59 CDT 2001) $
        <mailbox>:/var/stage/openldap-2.0.11/servers/slapd
daemon_init: listen on ldaps://<remotehost>:637/
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldaps://<remotehost>:637/)
daemon: initialized ldaps://<remotehost>:637/
daemon_init: 1 listeners opened
slapd init: initiated server.
Enter PEM pass phrase:
slapd startup: initiated.
slapd starting
daemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL

daemon: activity on 1 descriptors
daemon: new connection on 7
daemon: added 7r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 7r
daemon: read activity on 7
connection_get(7): got connid=0
connection_read(7): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:565
connection_read(7): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=7 for close
connection_close: conn=0 sd=7
daemon: removing 7




#!/usr/local/bin/perl
use strict;
use warnings;
use Net::LDAP qw(:all);
use Net::LDAP::LDIF;
use Data::Dumper;

# Report an LDAP error and stop. The posted script called this helper without
# defining it; a minimal definition is supplied here so the script runs as-is.
sub LDAPerror {
    my ($what, $mesg) = @_;
    die sprintf("%s code=%d (%s)\n", $what, $mesg->code, $mesg->error);
}

my $ldaphost = "<remotehost>";
# Port 637 is the port slapd was started on above with -h 'ldaps://<remotehost>:637/'.
my $ldapconn = Net::LDAP->new($ldaphost, port => 637, version => 3, debug => 1)
  or die "$@";
print Dumper($ldapconn);

my $cafile = "<remotehost CA cert>";
my $result = $ldapconn->start_tls(verify => 'require', cafile => $cafile);
print Dumper($result);
exit;    # the test stops here; the bind and search below are the intended follow-on once TLS works

my $ldapbind = $ldapconn->bind(anonymous => 1);
LDAPerror("LDAP Bind ...", $ldapbind) if $ldapbind->code;

my $baseDN   = "o=<domain>,c=US";
my $filter   = "(cn=<CN>)";
my $attrList = [ 'dn', 'drink' ];

print Dumper($attrList);
print "\nSearch for: $filter, @$attrList\n";
my $search_results = $ldapconn->search(
    base   => $baseDN,
    scope  => "sub",
    filter => $filter,
    attrs  => $attrList,
);

if ($search_results->code) {
    LDAPerror("LDAP Search Error ...", $search_results);
}
else {
    print "\nLDAP search LDIF dump:\n";
    Net::LDAP::LDIF->new(\*STDOUT, "w")->write($search_results->entries);
}
$ldapconn->unbind;
print "\n\n";
exit;
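Added example (Python; not code from this report, Perl-Ldap or OpenLDAP). It decodes the 31-byte LDAPMessage shown in the Net::LDAP debug dump above and then applies the same kind of first-bytes sniffing an SSLv23 accept performs (the check that produced "SSL23_GET_CLIENT_HELLO:unknown protocol" in the slapd trace). An ldaps:// listener calls SSL_accept on every new connection, so the first bytes must be an SSLv2 CLIENT-HELLO or a TLS record; a BER SEQUENCE (0x30) carrying the Start TLS extended request (OID 1.3.6.1.4.1.1466.20037, RFC 2830) is neither. Start TLS is defined for a plain ldap:// connection, where the TLS handshake begins only after the server's extended response. The ClientHello and SSLv2 byte strings, and all function names, are constructed for this example.

```python
"""Decode the Start TLS extended request from the report's debug dump and apply
the first-bytes sniffing an SSLv23 listener performs, to show why an ldaps://
listener cannot accept it. Added example; not OpenLDAP or Perl-Ldap code."""

# Constructed input: the 31 bytes re-typed from the Net::LDAP debug hex dump in
# the report (the trailing "__" column in that dump is padding, not data).
STARTTLS_PDU = bytes.fromhex(
    "30 1D 02 01 01 77 18 80 16 31 2E 33 2E 36 2E 31 "
    "2E 34 2E 31 2E 31 34 36 36 2E 32 30 30 33 37"
)
# Constructed: the opening bytes of a TLS 1.0 record carrying a ClientHello
# (record header 16 03 01, record length 4, then a handshake header). Only the
# first three bytes matter to the sniff below.
TLS_CLIENT_HELLO = bytes.fromhex("16 03 01 00 04 01 00 00 00")
# Constructed: the opening bytes of an SSLv2-format CLIENT-HELLO (2-byte length
# with the high bit set, then message type 0x01), which an SSLv23 listener of
# that era also accepted.
SSLV2_CLIENT_HELLO = bytes.fromhex("80 2E 01 03 01")

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # RFC 2830 Start TLS extended operation
TAG_SEQUENCE = 0x30
TAG_INTEGER = 0x02
TAG_EXTENDED_REQUEST = 0x77                # [APPLICATION 23], constructed
TAG_REQUEST_NAME = 0x80                    # [0] requestName, primitive


def ber_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the definite-length BER element at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end


def parse_extended_request(pdu):
    """Parse LDAPMessage { messageID, extendedReq { requestName } }; return (id, oid)."""
    tag, body, end = ber_tlv(pdu)
    if tag != TAG_SEQUENCE or end != len(pdu):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    tag, raw_id, pos = ber_tlv(body)
    if tag != TAG_INTEGER:
        raise ValueError("messageID missing")
    tag, op, _ = ber_tlv(body, pos)
    if tag != TAG_EXTENDED_REQUEST:
        raise ValueError("protocolOp is not an ExtendedRequest (tag 0x%02x)" % tag)
    tag, name, _ = ber_tlv(op)
    if tag != TAG_REQUEST_NAME:
        raise ValueError("requestName missing")
    return int.from_bytes(raw_id, "big"), name.decode("ascii")


def classify_first_bytes(data):
    """Sniff the first bytes the way an SSLv23 accept does before picking a protocol.

    An ldaps:// listener runs SSL_accept on every new connection, so whatever
    the client sends first is judged by these rules, not by the LDAP decoder.
    """
    if len(data) < 3:
        return "short"
    b0, b1, b2 = data[0], data[1], data[2]
    if b0 & 0x80 and b2 == 0x01:           # SSLv2 record header followed by CLIENT-HELLO
        return "sslv2-client-hello"
    if b0 == 0x16 and b1 == 0x03:          # SSLv3/TLS handshake record, major version 3
        return "tls-record"
    if b0 == TAG_SEQUENCE:                 # a BER SEQUENCE: an LDAP PDU sent in the clear
        return "ldap-pdu"
    return "unknown"


def ldaps_listener_accepts(first_bytes):
    """True when an ldaps:// listener would go on with a TLS handshake on these bytes."""
    return classify_first_bytes(first_bytes) in ("sslv2-client-hello", "tls-record")


if __name__ == "__main__":
    msg_id, oid = parse_extended_request(STARTTLS_PDU)
    print("LDAPMessage id=%d extendedReq requestName=%s (Start TLS: %s)"
          % (msg_id, oid, oid == STARTTLS_OID))
    for label, first in (("Perl-Ldap Start TLS PDU", STARTTLS_PDU),
                         ("TLS ClientHello", TLS_CLIENT_HELLO),
                         ("SSLv2 CLIENT-HELLO", SSLV2_CLIENT_HELLO)):
        print("%-24s first bytes %s -> %s, ldaps listener accepts: %s"
              % (label, first[:3].hex(), classify_first_bytes(first),
                 ldaps_listener_accepts(first)))
```

A quick check against a live server: `openssl s_client -connect <remotehost>:637` should complete a handshake on an ldaps:// listener, while a client that issues Start TLS must open its cleartext connection to the ldap:// port and only then call start_tls.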