
RE: Problems with SSL



Are you using TLSVerifyClient in your slapd.conf? The syntax of this keyword
has changed. (Although the old behavior is supposed to still be supported,
perhaps there's a problem there.)

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Anthony Brock
> Sent: Wednesday, March 20, 2002 5:50 PM
> To: Open LDAP Devel
> Subject: Problems with SSL
>
>
> I am having two other problems now. First, I am not able to connect using
> SSL (certificate issued by Thawte). This works perfectly if I downgrade to
> the 2.0.23 version of OpenLDAP. I am seeing the following in the debug
> (level 1) log:
>
>
> ********************
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> TLS trace: SSL_accept:SSLv3 flush data
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> connection_get(12): got connid=0
> connection_read(12): checking for input on id=0
> TLS trace: SSL_accept:SSLv3 read client key exchange A
> TLS trace: SSL_accept:SSLv3 read finished A
> TLS trace: SSL_accept:SSLv3 write change cipher spec A
> TLS trace: SSL_accept:SSLv3 write finished A
> TLS trace: SSL_accept:SSLv3 flush data
> connection_get(12): got connid=0
> connection_read(12): checking for input on id=0
> ber_get_next
> TLS trace: SSL3 alert read:warning:bad certificate
> ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
> ********************
>
>
> Any ideas? I would appreciate some pointers on these. Thanks!
>
> Tony
>
> ******************************************************************************
> * Anthony Brock                                       abrock@georgefox.edu *
> * Director of Network Services                       George Fox University *
> ******************************************************************************