TLS errors on valid certs (ITS#1934)
Full_Name: Quanah Gibson-Mount
Version: HEAD
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (171.64.13.58)
Hello,
I am running openldap from HEAD pulled June 26th. I have a valid cert from
Verisign installed for the ldap server. However, when I try to make an SSL
connection, it complains that the cert is a self-signed cert. In slapd.conf, I
point TLSCACertificateFile to /usr/local/openssl/certs/vsignss.pem. I get the
following error:
ldap4:~> ldapsearch -d 65535 -H ldaps://ldap4.Stanford.EDU/ -x -b "" -s base -LLL supportedSASLMechanisms
ldap_create
ldap_url_parse_ext(ldaps://ldap4.Stanford.EDU/)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP ldap4.Stanford.EDU:636
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 171.64.14.183:636
ldap_connect_timeout: fd: 4 tm: -1 async: 0
ldap_ndelay_on: 4
ldap_ndelay_off: 4
ldap_int_sasl_open: host=ldap4.Stanford.EDU
TLS trace: SSL_connect:before/connect initialization
tls_write: want=130, written=130
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=7
0000: 16 03 01 00 4a 02 00 ....J..
tls_read: want=72, got=72
TLS trace: SSL_connect:SSLv3 read server hello A
tls_read: want=5, got=5
0000: 16 03 01 04 a1 .....
tls_read: want=1185, got=1185
TLS certificate verification: depth: 1, err: 19, subject: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority, issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
TLS certificate verification: Error, self signed certificate in certificate chain
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (81)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
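
An added example, not part of the original report: a small Python decoder for the short tls_read/tls_write hex lines in the trace above, showing that the client itself sends a fatal unknown_ca alert after receiving the server's certificate message. The record bytes are copied from the trace; the function names and lookup tables are this example's own.

```python
import re

# Short record lines copied from the debug trace in this report.
TRACE = """\
tls_read: want=7, got=7
0000: 16 03 01 00 4a 02 00 ....J..
tls_read: want=5, got=5
0000: 16 03 01 04 a1 .....
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
"""

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate", 14: "server_hello_done"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {42: "bad_certificate", 45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}
IO_RE = re.compile(r"^tls_(read|write): want=\d+, (?:got|written)=(\d+)$")
HEX_RE = re.compile(r"^[0-9a-f]{4}: (.*)$")

def parse_trace(text):
    """Return [(direction, bytes)] for each tls_read/tls_write in the trace."""
    chunks, need = [], 0
    for line in text.splitlines():
        m = IO_RE.match(line.strip())
        if m:
            chunks.append((m.group(1), bytearray()))
            need = int(m.group(2))
            continue
        m = HEX_RE.match(line.strip())
        if m and chunks and need:
            # Take only the bytes still expected; the rest of the line is the ASCII column.
            toks = m.group(1).split()[:min(16, need)]
            chunks[-1][1].extend(int(t, 16) for t in toks)
            need -= len(toks)
    return [(d, bytes(b)) for d, b in chunks]

def decode_record(data):
    """Decode a TLS record header plus the first bytes of its body, if present."""
    ctype, major, minor = data[0], data[1], data[2]
    out = {"type": CONTENT_TYPES.get(ctype, ctype), "version": (major, minor),
           "length": int.from_bytes(data[3:5], "big")}
    body = data[5:]
    if ctype == 22 and body:
        out["handshake"] = HANDSHAKE_TYPES.get(body[0], body[0])
    elif ctype == 21 and len(body) >= 2:
        out["alert"] = (ALERT_LEVELS.get(body[0], body[0]), ALERT_DESCRIPTIONS.get(body[1], body[1]))
    return out

if __name__ == "__main__":
    for direction, data in parse_trace(TRACE):
        print(direction, decode_record(data))
```

The decoded lengths (74 and 1185) match the follow-up reads of 72 and 1185 bytes in the trace, and the alert description 0x30 is the "unknown CA" that the TLS trace line reports.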