[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Windows LDAP Client - SSL Handshake problem

To: Tim Murphy <tmurphy@micromuse.com>
Subject: Re: Windows LDAP Client - SSL Handshake problem
From: Tim Bond <tbond@webmethods.com>
Date: Wed, 22 May 2002 13:14:38 -0400
Cc: openldap-software@OpenLDAP.org
Organization: webMethods
References: <3CEBC6BC.8030201@micromuse.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc2) Gecko/20020510

This might help

http://www.openldap.org/lists/openldap-software/200107/msg00512.html

Hi,
I have compiled the openldap, openssl and cyrus sasl for a windows client. I am having a problem where the client cannot connect to a server via SSL on port 636. It's failing in the SSL handshake as the appended slapd debug log shows.

The server is running on Solaris 7 (Sparc). It can be successfully accessed by the Unix versions of the client and by other tools such as ldapsearch - only the windows client fails.

The windows tool s_client.exe (compiled with openssl) is able to connect to the ldap server quite successfully although it eventually passes the handshake stage and cannot go any further because it obviously doesn't understand the LDAP protocol. This leads me to think that the problem is somehow intertwined with OpenLDAP.

I shall be having a go at debugging this but I'd appreciate any advice or tips.
Thanks,
Tim
SLAPD DEBUG TRACE OF A CONNECTION FROM A WINDOWS CLIENT:
daemon: activity on 1 descriptors daemon: new connection on 9 daemon: conn=36 fd=9 connection from IP=192.168.34.101:2518 (IP=0.0.0.0:0) accepted. daemon: added 9r daemon: activity on: daemon: select: listen=7 active_threads=0 tvp=NULL daemon: select: listen=8 active_threads=0 tvp=NULL daemon: activity on 1 descriptors daemon: activity on: 9r daemon: read activity on 9 connection_get(9) connection_get(9): got connid=36 connection_read(9): checking for input on id=36 TLS trace: SSL_accept:before/accept initialization tls_read: want=11, got=11 0000: 30 39 02 01 01 60 34 02 01 03 04 09...`4.... TLS trace: SSL_accept:error in SSLv2/v3 read client hello A TLS: can't accept. TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:565 connection_read(9): TLS accept error error=-1 id=36, closing connection_closing: readying conn=36 sd=9 for close connection_close: conn=36 sd=9 daemon: removing 9 conn=-1 fd=9 closed daemon: select: listen=7 active_threads=0 tvp=NULL daemon: select: listen=8 active_threads=0 tvp=NULL daemon: activity on 1 descriptors daemon: select: listen=7 active_threads=0 tvp=NULL daemon: select: listen=8 active_threads=0 tvp=NULL

--
Tim Bond | Senior Security Engineer | 703-251-7144 | tbond@webmethods.com
webMethods, Inc.                         The Business Integration Company

Follow-Ups:
- Re: Windows LDAP Client - SSL Handshake problem
  - From: kervin@blueprint-tech.com

References:
- Windows LDAP Client - SSL Handshake problem
  - From: Tim Murphy <tmurphy@micromuse.com>

Prev by Date: Re: ldapsearch columns
Next by Date: how do I create a CA for openLDAP for use in tomcat
Index(es):
- Chronological
- Thread