Re: solaris 8 client authentication to openldap (TLS issue)





--On Friday, July 16, 2004 7:24 AM -0700 Lara Adianto <m1r4cle_26@yahoo.com> wrote:

1. in redhat linux:
- openldap-2.1.30 (compiled with-tls, TLS/SSL connection has been tested with the ldapclient on the same machine)
- openssl-0.9.6b

OpenSSL 0.9.6b has known security vulnerabilities; I don't suggest using it.



TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number s3_pkt.c:297
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
daemon: removing 10
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL

This is an OpenSSL problem, not an OpenLDAP problem. It would be better to direct it to an OpenSSL-related list.


See <http://www.openldap.org/lists/openldap-software/200405/msg00094.html> which shows the problem occurs below the OpenLDAP level.

I personally suggest you use the same version of OpenSSL everywhere (recompiling where necessary) and see if that fixes the problem.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html