[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: On the authenticated SSL access from Netscape problem

Julio Sánchez Fernández wrote:

> Anyway, could someone with a Netscape server compile ssldump,
> get a trace of the dialog between Communicator and the Directory
> Server when using both 'Secure' and 'Login with Name and Password'
> and post it?

Well, I did.  Guess what?  The encoding that Directory Server does
is nearly identical, byte for byte, to what we do.

But it gets uglier.  Netscape Communicator fails randomly with
the same error when doing SSL+login to a Netscape Directory
Server.  The failure rate is maybe 50%.  Sometimes it works,
sometimes it doesn't.  Traces from both successful and failed
tries seem identical up to the failure point.  Just as traces
from OpenLDAP slapd are.  I say 'seem' because SSL data always
depends on random data, but they look equivalent to me and
they decode to exactly the same LDAP PDUs.

So I don't know what is happening.  Maybe Communicator fails all
the time and this has never worked at all for anyone.  Maybe the
certificates I use are somehow broken (I made them with OpenSSL),
though they work alright with HTTPS.  Maybe my platform is broken,
I did everything on Linux RedHat 7.0 (except Communicator that I
tried from NT too).

So please, anyone who has tried authentication over SSL from
Communicator to any LDAP server and has made it work, could please
describe their environment: OS and DS versions and what Certificate
Authority they used (I'd appreciate data from the server certificate
such as usage attributes and such).

Thanks in advance,


P.S. I have asked for help at openssl-users, but I got no answer so