
Re: ssl and openldap



I am still having problems:

# ./slapd -d 7 -h ldaps:///

...
...
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5, got=5
  0000:  15 03 01 00 02                                     .....
tls_read: want=2, got=2
  0000:  02 33                                              .3
TLS trace: SSL3 alert read:fatal:decrypt error
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error /usr/src/lib/libssl/ssl/../src/ssl/s3_pkt.c:1052
connection_read(12): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=12 for close
connection_close: conn=0 sd=12


This error message happens just after I try to connect with:

etosha$ ldapsearch -x -H ldaps://etosha.fesv.br
ldap_bind: Can't contact LDAP server (-1)
        additional info: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm
etosha$


Someone, please, mind telling me what is happening?

On Sun, 9 Jan 2005 20:22:30 +0000, FRLinux <frlinux@gmail.com> wrote:
> On Sun, 9 Jan 2005 18:01:03 -0200, Gustavo Rios <vieira.rios@gmail.com> wrote:
> > etosha$ ldapsearch -ZZ -x
> > ldap_start_tls: Connect error (-11)
> 
> Hello,
> 
> I made that mistake once; do not use -ZZ when you are using certificates
> with ldaps. Your communication to the server is already encrypted by
> SSL, there is no need to force encapsulation.
> 
> Steph
> --
> "Step by step, penguins are taking my sanity apart ..."
>
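
As an added example (not part of the original post and not OpenLDAP code), the Python below decodes the bytes that slapd dumps in the trace above: a 5-byte TLS record header followed by a 2-byte alert body. The sample trace is copied from the post; the function names are hypothetical, and the hex-dump layout is assumed to match the quoted lines.

```python
import re

# Copied from the slapd -d 7 trace in the post above.
SAMPLE_TRACE = """\
tls_read: want=5, got=5
  0000:  15 03 01 00 02                                     .....
tls_read: want=2, got=2
  0000:  02 33                                              .3
"""

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the alert descriptions defined for TLS 1.0 in RFC 2246, section 7.2.
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error",
}

# "offset:" then hex byte pairs; the ASCII column sits after a wider gap and is ignored.
HEX_LINE = re.compile(r"^\s*[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2} {0,2})+)")

def bytes_from_trace(trace):
    """Collect the raw bytes from the hex-dump lines of a slapd debug trace."""
    out = bytearray()
    for line in trace.splitlines():
        m = HEX_LINE.match(line)
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def decode_alert_record(data):
    """Decode one TLS record header and, if it is a plaintext alert, its body."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    length = int.from_bytes(data[3:5], "big")
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated TLS record body")
    rec = {"content_type": CONTENT_TYPES.get(data[0], f"unknown({data[0]})"),
           "version": (data[1], data[2]), "length": length}
    if data[0] == 21 and length == 2:  # unencrypted alert: level, description
        rec["level"] = ALERT_LEVELS.get(body[0], f"unknown({body[0]})")
        rec["description"] = ALERT_DESCRIPTIONS.get(body[1], f"unknown({body[1]})")
    return rec
```

Calling `decode_alert_record(bytes_from_trace(SAMPLE_TRACE))` yields an alert record with version (3, 1), level fatal and description decrypt_error, matching the "SSL3 alert read:fatal:decrypt error" line in the trace.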