Some problem with TLS
I'm trying to run slapd on Debian with TLS enabled.
But both with the Debian packages (recompiled to have TLS support) and with
openldap-2.0.35 I cannot get ldapsearch working when I use ldaps
queries.
The relevant (I hope) parts of the configuration files are
slapd.conf:
# For SSL/TSL authentication
#
#TLSCipherSuite HIGH:MEDIUM:+SSLv2:RSA
TLSCertificateFile /etc/ldap/cert/ldapcert.pem
TLSCertificateKeyFile /etc/ldap/cert/ldapkey.pem
TLSCACertificateFile /etc/ldap/cert/cacert.pem
TLSVerifyClient = never
ldap.conf:
host 194.177.127.112
base dc=chl, dc=it
port 636
ssl yes
#ssl start_tls (doesn't work either when enabled)
I started the server with:
slapd -d1 -h "ldap://0.0.0.0/ ldaps://0.0.0.0/" -f /etc/ldap/slapd.conf
If I do a search using:
ldapsearch -H ldap://localhost -x
I got results, but if I use instead:
ldapsearch -H ldaps://localhost -x
I got:
ldap_bind: Can't contact LDAP server
The debug results are:
@(#) $OpenLDAP: slapd 2.0.25-Release (Tue Aug 6 12:29:06 CEST 2002) $
root@hlcvs:/root/openldap-2.0.25/servers/slapd
daemon_init: listen on ldap://0.0.0.0/
daemon_init: listen on ldaps://0.0.0.0/
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap://0.0.0.0/)
daemon: initialized ldap://0.0.0.0/
ldap_url_parse_ext(ldaps://0.0.0.0/)
daemon: initialized ldaps://0.0.0.0/
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
slapd startup: initiated.
slapd starting
ldap_pvt_gethostbyname_a: host=hlcvs, r=0
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next on fd 10 failed errno=0 (Success)
connection_read(10): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
TLS trace: SSL3 alert write:warning:close notify
And I still don't understand what's wrong. I suppose I'm missing
something, but (at least from what I found in the FAQ) I don't know
what.
Thanks in advance for any help.
Simone
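As an added diagnostic aid (not from the post, and not OpenLDAP's own code): a small Python classifier over slapd -d1 trace lines that tells a handshake that never completed apart from the pattern in the trace above, where SSL_accept reaches "write finished" and the peer then hangs up with ber_get_next errno=0 before any LDAP operation is decoded, which places the failure on the client side of the TLS connection (for example the client's own verification of the server certificate). The do_bind/do_search operation names are assumed from slapd's debug output; the trace excerpt and the extra inputs in the test are constructed.

```python
import re

# Excerpt of the slapd -d1 trace quoted in the post, trimmed to the lines the
# classifier needs (constructed test input).
TRACE_FROM_POST = """\
connection_get(10): got connid=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 write finished A
connection_get(10): got connid=0
ber_get_next on fd 10 failed errno=0 (Success)
connection_read(10): input error=-2 id=0, closing.
TLS trace: SSL3 alert write:warning:close notify
"""

ACCEPT_RE = re.compile(r"TLS trace: SSL_accept:(.+)")
PEER_GONE_RE = re.compile(r"ber_get_next on fd \d+ failed errno=(\d+)")
# "alert read" lines are alerts the *client* sent; "alert write" is slapd's own.
CLIENT_ALERT_RE = re.compile(r"TLS trace: SSL3 alert read:(\w+):(.+)")
# Assumed: slapd logs decoded operations as do_bind, do_search, ... at -d1.
LDAP_OP_RE = re.compile(r"\bdo_(bind|search|unbind|extended)\b")


def diagnose(trace):
    """Classify one ldaps connection. Returns (verdict, details) where verdict is:
    no_tls             - no SSL_accept lines: the peer never started a handshake
    tls_incomplete     - handshake started but slapd never wrote 'finished'
    closed_before_ldap - handshake finished, peer closed before any LDAP op
    ldap_ok            - at least one LDAP operation reached slapd after TLS
    """
    started = finished = saw_op = False
    details = {"peer_errno": None, "client_alerts": []}
    for line in trace.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            started = True
            finished = finished or "write finished" in m.group(1)
            continue
        m = PEER_GONE_RE.search(line)
        if m:
            details["peer_errno"] = int(m.group(1))
            continue
        m = CLIENT_ALERT_RE.search(line)
        if m:
            details["client_alerts"].append(m.group(1) + ":" + m.group(2).strip())
        elif LDAP_OP_RE.search(line):
            saw_op = True
    if not started:
        return "no_tls", details
    if not finished:
        return "tls_incomplete", details
    return ("ldap_ok" if saw_op else "closed_before_ldap"), details
```

A "closed_before_ldap" verdict with errno=0 and no client alert means the server side completed TLS and the client simply went away, so the next thing to check is the client's ldap.conf (its CA certificate and the hostname it is asked to verify) rather than slapd.conf.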