Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch
Howard Chu wrote:
> Denis Sacchet wrote:
> > Hello,
> >
> > I have a strange behaviour regarding TLS encryption with an LDAP server.
> > Everything works like a charm for a while, and without any sign, the
> > server begins to not respond for TLS traffic. As the server is partially
> > open on internet, I force TLS, so it is very annoying for us.
> >
> > A trace of ldapsearch when there is the problem :
>
> Show the corresponding slapd debug output for the same situation.

Of course, I don't want to hijack the OP's thread, but as our problems seem to 
be rather similar I can also provide the corresponding slapd log:

[...]
      slapd starting
>>> slap_listener(ldap:///)ldap_pvt_gethostbyname_a: host=uranos, r=0
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({m) ber:
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 11
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2471
connection_read(11): TLS accept failure error=-1 id=0, closing

[...]

Thanks,
Fabian
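As an added example (not part of the thread or of OpenLDAP), here is a small triage script that walks slapd `-d` TLS trace lines like the ones above and reports what the handshake did: whether the server sent a certificate request, which fatal alert it wrote, and which OpenSSL reason string it logged. The sample log is a constructed excerpt in the same format; the diagnosis text assumes that "peer did not return a certificate" after a certificate request points at a mismatch between the server's client-certificate policy (slapd's TLSVerifyClient) and the client's own certificate configuration.

```python
import re

# Constructed excerpt in the slapd -d trace format seen in the post.
SAMPLE_LOG = """\
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL3 alert write:fatal:handshake failure
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2471
connection_read(11): TLS accept failure error=-1 id=0, closing
"""

# "TLS: error:<hex code>:SSL routines:<function>:<reason> <file>.c:<line>"
ERR_RE = re.compile(
    r"^TLS: error:([0-9A-Fa-f]{8}):SSL routines:(\w+):(.*?)(?: \S+\.c:\d+)?$")


def triage_tls_trace(log_text):
    """Summarise a slapd TLS trace: what the server asked for and how it ended."""
    state = {"cert_requested": False, "fatal_alert": None,
             "errors": [], "accept_failed": False}
    for line in log_text.splitlines():
        line = line.strip()
        if line == "TLS trace: SSL_accept:SSLv3 write certificate request A":
            state["cert_requested"] = True          # server asked for a client cert
        elif line.startswith("TLS trace: SSL3 alert write:fatal:"):
            state["fatal_alert"] = line.rsplit(":", 1)[1]
        elif "TLS accept failure" in line:
            state["accept_failed"] = True
        else:
            m = ERR_RE.match(line)
            if m:                                   # (code, function, reason)
                state["errors"].append((m.group(1).upper(), m.group(2), m.group(3)))
    return state


def diagnose(state):
    """Map the summarised state to a short, defender-oriented explanation."""
    if not state["accept_failed"]:
        return "handshake completed"
    if state["cert_requested"] and any(
            "did not return a certificate" in reason for _, _, reason in state["errors"]):
        # Assumption: server policy demands a client cert the client never presents.
        return ("server demanded a client certificate and the client sent none: "
                "compare slapd's TLSVerifyClient with the client's certificate setup")
    if state["fatal_alert"]:
        return "handshake failed with fatal alert: " + state["fatal_alert"]
    return "handshake failed for another reason"
```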