
Bug? client certificate not written to server! (ITS#2426)



Full_Name: Alexandre Tsu
Version: 2.1.16
OS: win2000
URL: 
Submission from: (NULL) (218.104.201.187)


I built OpenLDAP 2.1.16 with TLS and started slapd with ldaps://; ldap.conf and
slapd.conf are both correctly configured. But when I use
'srelease\ldapwhoami -Y EXTERNAL -Z -h localhost:389 -d 65535' or
'srelease\ldapsearch -v -LLL -b "o=JNDITutorial"  -s sub -H "ldaps://alexp:389"
-d 65535 -ZZ', ldapwhoami.exe aborts when it gets to
"
ldap_interactive_sasl_bind_s: user selected: EXTERNAL
ldap_int_sasl_bind: EXTERNAL
"
and both ldapwhoami and ldapsearch say
"
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
......
TLS trace: SSL_connect:SSLv3 flush data
tls_read: want=5 error=unknown error
TLS trace: SSL_connect:error in SSLv3 read finished A
TLS trace: SSL_connect:error in SSLv3 read finished A
TLS: can't connect.
......
TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:failed in SSLv3 read finished A
TLS: can't connect.
ldap_perror
ldap_sasl_interactive_bind_s: Can't contact LDAP server (81)
        additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
" 
and the server side says
"
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate .\ssl\s3_srvr.c:1978
connection_read(1744): TLS accept error error=-1 id=22, closing
connection_closing: readying conn=22 sd=1744 for close
connection_close: conn=22 sd=1744
daemon: removing 1744
conn=22 fd=1744 closed
"

Why is the client certificate not sent to the server while the client says "SSLv3 write
client certificate A"? Is the bug in OpenSSL or OpenLDAP? But when I use
"openssl s_client  -cert TLS_CLIENT\cert.pem -key TLS_CLIENT\key.pem -CAfile
TLS_CLIENT\rootcert.pem -ssl3 -showcerts -host localhost -port 389 -debug", it
is OK and the server side does not say anything.
Please help me, and thank you very much!
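As an added triage aid (not part of the report or of OpenLDAP), the script below classifies the two TLS traces quoted above. The pattern of interest is the client logging "write client certificate A" while the server logs "peer did not return a certificate": OpenSSL emits that client-side trace line even when it has no certificate to offer (it then sends an empty certificate list or a no_certificate alert), so the combination indicates the client never loaded a cert/key rather than a broken network. The sample traces are constructed abridgements of the ones in the report; the label strings are my own.

```python
# Constructed, abridged copy of the client-side trace quoted in the report.
CLIENT_TRACE = """\
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL3 alert read:fatal:handshake failure
TLS: can't connect.
"""

# Constructed, abridged copy of the slapd-side trace quoted in the report.
SERVER_TRACE = """\
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
"""

# Hypothetical verdict labels with a one-line explanation of each.
VERDICTS = {
    "ok": "handshake completed",
    "server-did-not-request-cert": "server never sent CertificateRequest; check TLSVerifyClient",
    "client-had-no-cert-loaded": "client reached the Certificate message but offered no cert; "
                                 "check the client's TLS_CERT/TLS_KEY settings",
    "client-aborted-before-cert": "client failed before sending its certificate",
    "other-handshake-failure": "handshake failed for another reason; inspect full trace",
}


def triage(client_trace: str, server_trace: str) -> str:
    """Return a verdict label for a paired client/server OpenLDAP TLS trace."""
    failed = "handshake failure" in client_trace or "handshake failure" in server_trace
    if not failed:
        return "ok"
    if "read server certificate request" not in client_trace:
        return "server-did-not-request-cert"
    wrote_cert = "write client certificate" in client_trace
    server_saw_none = "peer did not return a certificate" in server_trace
    if wrote_cert and server_saw_none:
        return "client-had-no-cert-loaded"
    if not wrote_cert:
        return "client-aborted-before-cert"
    return "other-handshake-failure"


if __name__ == "__main__":
    verdict = triage(CLIENT_TRACE, SERVER_TRACE)
    print(verdict, "-", VERDICTS[verdict])
```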