
RE: Outlook + OpenLDAP: TLSVerifyClient 0 = No Crash



This is the expected slapd behavior when TLSVerifyClient is enabled. It looks
to me like your slapd doesn't have the patch that Kurt pointed out.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Seth Ladd
> Sent: Thursday, October 19, 2000 8:32 AM
> To: openldap-software@OpenLDAP.org
> Subject: Outlook + OpenLDAP: TLSVerifyClient 0 = No Crash
>
>
> Hello,
>
> I placed
>
> TLSVerifyClient 0
>
> inside my slapd.conf file, and by doing this Outlook does /not/ crash.  It
> still generates an error, though.
>
> I have included the debug output below.  I hope it can point out the
> problem.  I am wondering if I generated the certificate for OpenLDAP
> correctly?
>
> Thanks very much,
> Seth
>
> daemon: activity on 1 descriptors
> daemon: new connection on 10
> daemon: conn=4 fd=10 connection from IP=192.168.192.233:2505 (IP=0.0.0.0:636) accepted.
> daemon: added 10r
> daemon: activity on:
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: activity on: 10r
> daemon: read activity on 10
> connection_get(10): got connid=4
> connection_read(10): checking for input on id=4
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write certificate request A
> TLS trace: SSL_accept:SSLv3 flush data
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: activity on: 10r
> daemon: read activity on 10
> connection_get(10): got connid=4
> connection_read(10): checking for input on id=4
> TLS trace: SSL3 alert write:fatal:handshake failure
> TLS trace: SSL_accept:error in SSLv3 read client certificate B
> TLS: can't accept.
> TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:1666
> connection_read(10): TLS accept error error=-1 id=4, closing
> connection_closing: readying conn=4 sd=10 for close
> connection_close: conn=4 sd=10
> daemon: removing 10
> conn=-1 fd=10 closed
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
>
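
The trace quoted above shows slapd writing a certificate request and then closing the connection with "peer did not return a certificate". As an added example (not part of the original messages and not OpenLDAP code), the following parser extracts that diagnosis from slapd debug output; the function name `diagnose` is hypothetical, and it assumes trace lines from different connections are not interleaved, as in the excerpt.

```python
import re

# Excerpt of the slapd debug trace quoted in the message above (mail line wraps rejoined).
TRACE = """\
daemon: conn=4 fd=10 connection from IP=192.168.192.233:2505 (IP=0.0.0.0:636) accepted.
connection_get(10): got connid=4
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL3 alert write:fatal:handshake failure
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:1666
connection_read(10): TLS accept error error=-1 id=4, closing
"""

CONN = re.compile(r"conn=(\d+) fd=\d+ connection from IP=([\d.]+):\d+")
CONNID = re.compile(r"got connid=(\d+)")
TLS_ERR = re.compile(r"TLS: error:[0-9A-F]+:SSL routines:\w+:(.+?) \S+\.c:\d+$")
CLOSE = re.compile(r"TLS accept error error=-?\d+ id=(\d+), closing")
NO_CERT = "peer did not return a certificate"

def diagnose(trace):
    """Return one finding per connection whose TLS accept failed."""
    peers, state, current, findings = {}, {}, None, []
    for line in trace.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail-quoted traces
        if m := CONN.search(line):
            peers[m.group(1)] = m.group(2)
        elif m := CONNID.search(line):
            # Assumption: lines after "got connid=N" belong to connection N.
            current = m.group(1)
            state.setdefault(current, {"cert_requested": False, "reason": None})
        elif current is None:
            continue
        elif "write certificate request" in line:
            state[current]["cert_requested"] = True
        elif m := TLS_ERR.search(line):
            state[current]["reason"] = m.group(1)
        elif m := CLOSE.search(line):
            s = state.get(m.group(1), {})
            no_cert = bool(s.get("cert_requested")) and s.get("reason") == NO_CERT
            findings.append({
                "conn": m.group(1),
                "peer": peers.get(m.group(1)),
                "reason": s.get("reason"),
                "cause": "client certificate required but not sent" if no_cert else "other TLS failure",
            })
    return findings
```

A finding with cause "client certificate required but not sent" means the server asked for a client certificate during the handshake and the client did not supply one, which is the failure shown in the trace.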