[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Problems with SSL
Okay,
I now have an entry in slapd.conf of:
TLSVerifyClient never
However, I am still seeing with (-d -1) a local error. Advise?
Tony
Output from debug:
TLS trace: SSL_accept:SSLv3 flush data
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
tls_read: want=5, got=5
0000: 15 03 01 00 18 .....
tls_read: want=24, got=24
0000: b0 b7 cc c2 a4 3e c1 d1 1c b9 e1 2d 9b b8 ce 16 .....>.....-....
0010: d8 43 ce 4b 15 2a cf da XC.K.*.Z
TLS trace: SSL3 alert read:warning:bad certificate
tls_read: want=5, got=0
ldap_read: want=9, got=0
ber_get_next on fd 9 failed errno=0 (Error 0)
connection_read(9): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=9 for close
connection_close: conn=0 sd=9
daemon: removing 9
conn=0 fd=9 closed
tls_write: want=29, written=29
0000: 15 03 01 00 18 0c 25 db 88 74 7e cd 66 9b 6a cb ......%..t~.f.j.
0010: 19 0f 1d e5 61 59 9c 3b 3c ad 55 f5 8c ...eaY.;<-U..
TLS trace: SSL3 alert write:warning:close notify
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
#
At 07:48 PM 03/20/2002 -0800, you wrote:
Are you using TLSVerifyClient in your slapd.conf? The syntax of this
keyword
has changed. (Although the old behavior is supposed to still be supported,
perhaps there's a problem there.)
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
>> -----Original Message-----
>> From: owner-openldap-devel@OpenLDAP.org
>> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Anthony Brock
>> Sent: Wednesday, March 20, 2002 5:50 PM
>> To: Open LDAP Devel
>> Subject: Problems with SSL
>>
>>
>> I am having two other problems now. First, I am not able to connect
>using
>> SSL (certificate issued by Thawte). This works perfectly if I
>> downgrade to
>> the 2.0.23 version of OpenLDAP. I am seeing the following in the debug
>> (level 1) log:
>>
>>
>> ********************
>> TLS trace: SSL_accept:before/accept initialization
>> TLS trace: SSL_accept:SSLv3 read client hello A
>> TLS trace: SSL_accept:SSLv3 write server hello A
>> TLS trace: SSL_accept:SSLv3 write certificate A
>> TLS trace: SSL_accept:SSLv3 write server done A
>> TLS trace: SSL_accept:SSLv3 flush data
>> TLS trace: SSL_accept:error in SSLv3 read client certificate A
>> TLS trace: SSL_accept:error in SSLv3 read client certificate A
>> connection_get(12): got connid=0
>> connection_read(12): checking for input on id=0
>> TLS trace: SSL_accept:SSLv3 read client key exchange A
>> TLS trace: SSL_accept:SSLv3 read finished A
>> TLS trace: SSL_accept:SSLv3 write change cipher spec A
>> TLS trace: SSL_accept:SSLv3 write finished A
>> TLS trace: SSL_accept:SSLv3 flush data
>> connection_get(12): got connid=0
>> connection_read(12): checking for input on id=0
>> ber_get_next
>> TLS trace: SSL3 alert read:warning:bad certificate
>> ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
>> ********************
>>
>>
>> Any ideas? I would appreciate some pointers on these. Thanks!
>>
>> Tony
>>
>> ******************************************************************
>> ************
>> * Anthony Brock
>> abrock@georgefox.edu *
>> * Director of Network Services George Fox
>> University *
>> ******************************************************************
>> ************
******************************************************************************
* Anthony Brock abrock@georgefox.edu *
* Director of Network Services George Fox University *
******************************************************************************