
RE: Outlook Express crashes talking to slapd using SSL



You should have also included the actual command lines you issued when
generating these logs. The ldapsearch log indicates that you tried to
connect your client to the ldaps port using LDAPv3's StartTLS feature.
These two factors are incompatible. The -Z option to use the StartTLS
command is used on a cleartext LDAPv3 session, to negotiate a changeover
to TLS operation. The ldaps port is used for a connection already wrapped
in SSL. You tried to send cleartext LDAP transactions to a port that was
expecting an SSL handshake.

Since you're using the ldaps port, you should be running your ldapsearch
command with
   ldapsearch -H ldaps://hostname
instead of the -Z option.

Whether this has anything to do with Outlook Express is beyond me.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Jim Hud
> Sent: Wednesday, October 11, 2000 10:55 AM
> To: openldap-software@OpenLDAP.org
> Subject: Outlook Express crashes talking to slapd using SSL
>
>
> My test system comprises
>
> NT4 SP6, slapd 2.0.6 compiled with OpenSSL, demo cert using RSA
>
> Outlook Express 5 works OK without SSL enabled but crashes with
> SSL enabled.
> This is probably not a slapd problem but I can't get ldapsearch to work
> either.  I have pasted in two logs:
>
> a) the slapd log when Outlook crashed
> b) the ldapsearch log from a different session
>
> Thanks
>
>
>
> a)
>
> OpenLDAP -devel Standalone LDAP Server (slapd)daemon_init: ldap:///
> ldaps:///
> daemon_init: listen on ldap:///
> daemon_init: listen on ldaps:///
> daemon_init: 2 listeners to open...
> ldap_url_parse(ldap:///)
> daemon: initialized ldap:///
> ldap_url_parse(ldaps:///)
> daemon: initialized ldaps:///
> daemon_init: 2 listeners opened

> b)
>
> ldap_create
> ldap_extended_operation_s
> ldap_extended_operation
> ldap_send_initial_request
> ldap_new_connection
> ldap_int_open_connection
> ldap_connect_to_host
> ldap_new_socket: 84
> ldap_prepare_socket: 84
> ldap_connect_to_host: Trying 192.168.66.201:636
> ldap_connect_timeout: fd: 84 tm: -1 async: 0
> ldap_ndelay_on: 84
> ldap_is_sock_ready: 84
> ldap_ndelay_off: 84
> ldap_int_sasl_open: HUDSONZ
> ldap_delayed_open successful, ld_host is (null)
> ldap_send_server_request
> ber_flush: 31 bytes to sd 84
>   0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
>   0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
> sockbuf_write: want=31, written=31
>   0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
>   0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
> ldap_result
> wait4msg (infinite timeout)
> ** Connections:
> * host: 192.168.66.201  port: 636  (default)
>   refcnt: 2  status: Connected
>   last used: Wed Oct 11 17:43:27 2000
>
> ** Outstanding Requests:
>  * msgid 1,  origid 1, status InProgress
>    outstanding referrals 0, parent count 0
> ** Response Queue:
>    Empty
> do_ldap_select
> read1msg
> ber_get_next
> sockbuf_read: want=1, got=0
>
> ber_get_next failed.
> WARNING: could not start TLS tls:1
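
The 31 bytes in the quoted ber_flush dump are the StartTLS extended request going out in cleartext to port 636. As an added example (not part of the original message or of OpenLDAP), this Python sketch decodes those logged bytes and tells them apart from a TLS handshake record; the function names and the constructed TLS sample are assumptions made for illustration.

```python
# Bytes copied from the ber_flush hex dump in the quoted ldapsearch log.
LOGGED = bytes.fromhex("301d02010177188016312e332e362e31"
                       "2e342e312e313436362e3230303337")
# Constructed sample: start of a TLS record (type 0x16 = handshake, version 3.1).
TLS_SAMPLE = bytes.fromhex("16030100050100000100")
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # LDAPv3 StartTLS extended operation


def read_tlv(buf, pos):
    """Read one BER TLV (single-byte tag, definite length) -> (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def classify_first_bytes(data):
    """Say what a client sent first on a new socket: TLS handshake or cleartext LDAP."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return ("tls-handshake", None)
    try:
        tag, msg, _ = read_tlv(data, 0)          # LDAPMessage ::= SEQUENCE
        if tag != 0x30:
            return ("unknown", None)
        tag, _msgid, pos = read_tlv(msg, 0)      # messageID INTEGER
        if tag != 0x02:
            return ("unknown", None)
        op_tag, op, _ = read_tlv(msg, pos)       # protocolOp
        if op_tag == 0x77:                       # [APPLICATION 23] ExtendedRequest
            name_tag, name, _ = read_tlv(op, 0)  # [0] requestName (OID as text)
            if name_tag == 0x80:
                oid = name.decode("ascii")
                kind = "cleartext-starttls" if oid == STARTTLS_OID else "cleartext-extended"
                return (kind, oid)
        return ("cleartext-ldap", None)
    except (ValueError, UnicodeDecodeError):
        return ("unknown", None)


if __name__ == "__main__":
    print(classify_first_bytes(LOGGED))      # what ldapsearch -Z sent to port 636
    print(classify_first_bytes(TLS_SAMPLE))  # what an ldaps listener expects first
```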