[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch

To: Fabian Steiner <lists@fabis-site.net>
Subject: Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch
From: Howard Chu <hyc@symas.com>
Date: Mon, 10 Dec 2007 12:39:28 -0800
Cc: Denis Sacchet <ouba@ouba.org>, openldap-software@openldap.org, Administratoren LSH <Administratoren@lsh-marquartstein.de>
In-reply-to: <200712102134.16411.lists@fabis-site.net>
References: <475CEAA6.1000702@ouba.org> <475D8129.9000903@symas.com> <200712102134.16411.lists@fabis-site.net>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9b2pre) Gecko/2007120621 SeaMonkey/2.0a1pre

Fabian Steiner wrote:

Of course, I don't want to hijack the OP's thread but as our problems seem to
be rather similar I can also provide the corresponding slapd log:

This looks like a simple configuration error; you have slapd configured to require client certificates and the client didn't send one. Either you need to configure the client with a certificate, or you need to relax the requirement on the server.


[...]
      slapd starting

slap_listener(ldap:///)ldap_pvt_gethostbyname_a: host=uranos, r=0

connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({m) ber:
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 11
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate s3_srvr.c:2471
connection_read(11): TLS accept failure error=-1 id=0, closing


--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/

Follow-Ups:
- Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch
  - From: Fabian Steiner <lists@fabis-site.net>

References:
- Strange TLS behaviour with slapd 2.3.30 on Debian Etch
  - From: Denis Sacchet <ouba@ouba.org>
- Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch
  - From: Howard Chu <hyc@symas.com>
- Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch
  - From: Fabian Steiner <lists@fabis-site.net>

Prev by Date: Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch
Next by Date: Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch
Index(es):
- Chronological
- Thread