
Re: SSL3_READ_BYTES:sslv3 alert handshake failure



Greg Martin wrote:
> Try adding a corresponding TLSCipherSuite entry to ldap.conf.
>
> \\Greg
>


Sorry for the late reply, as I was busy writing an article.
Anyhow, I have followed the guidance as suggested.

Now the ldap.conf looks like this:
----------------------------------------------
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLS_CACERT /etc/openldap/myca/cacert.pem
TLS_CERT   /etc/openldap/myca/servercert.pem
TLS_KEY    /etc/openldap/myca/serverkey.pem
TLS_REQCERT allow
---------------------------------------------------

The slapd.conf is as before:
-----------------------------------------------
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile            /etc/openldap/myca/servercert.pem
TLSCertificateKeyFile        /etc/openldap/myca/serverkey.pem
TLSCACertificateFile         /etc/openldap/myca/cacert.pem
TLSVerifyClient  demand
----------------------------------------------------

But I still have the same problem; *ldapsearch -x -ZZ* reports:

------------------------------------------
ldap_start_tls: Connect error (-11)
        additional info: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure
--------------------------------------------

and the log reports:
--------------------------------------------------------------------------------
Mar 26 12:32:35 linux slapd[7449]: conn=32 fd=15 ACCEPT from
IP=127.0.0.1:33418 (IP=0.0.0.0:389)
Mar 26 12:32:35 linux slapd[7449]: conn=32 op=0 STARTTLS
Mar 26 12:32:35 linux slapd[7449]: conn=32 op=0 RESULT oid= err=0 text=
Mar 26 12:32:35 linux slapd[7449]: conn=32 fd=15 closed (TLS negotiation
failure)
----------------------------------------------------------------------------------------

*slapd -d 255* reports:
-------------------------------------------
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did
not return a certificate s3_srvr.c:2471
connection_read(15): TLS accept failure error=-1 id=42, closing
---------------------------

So please help me to solve it.
Thanks a lot for the great support so far...



>
> JOYDEEP wrote:
>> Dear list,
>>
>> Now *ldapsearch -x -ZZ* is working; but again I have a problem when
>> demanding a certificate from the host. The error is
>>
>> ========================
>> ldap_perror
>> ldap_start_tls: Connect error (-11)
>>         additional info: error:14094410:SSL
>> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>> ======================================================================
>>
>> Here is my slapd.conf section of TLS
>> -----------------------------------------------
>> TLSCipherSuite HIGH:MEDIUM:+SSLv2
>> TLSCertificateFile            /etc/openldap/myca/servercert.pem
>> TLSCertificateKeyFile        /etc/openldap/myca/serverkey.pem
>> TLSCACertificateFile         /etc/openldap/myca/cacert.pem
>> TLSVerifyClient  demand
>> ----------------------------------------------------
>>
>> Here is my ldap.conf
>> ------------------------------------------------
>> TLS_CACERT /etc/openldap/myca/cacert.pem
>> TLS_CERT   /etc/openldap/myca/servercert.pem
>> TLS_KEY    /etc/openldap/myca/serverkey.pem
>> TLS_REQCERT allow
>> ---------------------------------------------------------
>>
>> please note I have a self signed certificate.
>>
>> Thanks
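An added, offline sanity check for the certificate material the two configuration files in this thread point at. This is example shell written for this page, not code from the thread or from OpenLDAP; it assumes the openssl command-line tool is installed and that ldap.conf uses the one-keyword-per-line layout shown above. It confirms that TLS_KEY really belongs to TLS_CERT and that TLS_CERT verifies against TLS_CACERT, which is what slapd's `TLSVerifyClient demand` will test once the client actually sends a certificate; broken or mismatched files are a common reason a client silently sends none.

```shell
#!/bin/sh
# Added example (not from the thread): offline checks on the TLS files named in
# an ldap.conf. Assumes the openssl CLI is available.

# check_tls_material CA CERT KEY
# Returns 0 when KEY is the private key for CERT and CERT chains to CA.
check_tls_material() {
    ca="$1"; cert="$2"; key="$3"
    # 1. The private key must belong to the certificate: compare the public keys
    #    extracted from each side in PEM form.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "cannot read certificate $cert"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "cannot read private key $key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "private key $key does not match certificate $cert"; return 1; }
    # 2. The certificate must verify against the CA the peer is told to trust
    #    (TLS_CACERT on the client, TLSCACertificateFile on the server).
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || { echo "certificate $cert does not chain to $ca"; return 1; }
    return 0
}

# conf_get FILE KEY: prints the value of KEY from an ldap.conf-style file
# (one keyword and one value per line, whitespace separated).
conf_get() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# check_ldap_conf FILE: runs check_tls_material on the TLS_CACERT, TLS_CERT and
# TLS_KEY entries of the given ldap.conf.
check_ldap_conf() {
    ca=$(conf_get "$1" TLS_CACERT)
    cert=$(conf_get "$1" TLS_CERT)
    key=$(conf_get "$1" TLS_KEY)
    [ -n "$ca" ] && [ -n "$cert" ] && [ -n "$key" ] \
        || { echo "TLS_CACERT, TLS_CERT and TLS_KEY must all be set in $1"; return 1; }
    check_tls_material "$ca" "$cert" "$key"
}

# Stand-alone use: ./check_ldap_tls.sh /etc/openldap/ldap.conf
if [ $# -gt 0 ]; then
    check_ldap_conf "$1" && echo "ok: $1"
fi
```

One caveat worth checking alongside this: ldap.conf(5) documents TLS_CERT and TLS_KEY as user-only options, which are read from the per-user configuration (~/.ldaprc, or the file named by LDAPRC) and ignored when they appear in the system-wide ldap.conf, so passing this check on a system ldap.conf does not by itself mean ldapsearch will present the certificate.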