
ldapsearch / ldappasswd and SSL mode



Hi,

I'm having some trouble getting SSL mode working in OpenLDAP
2.0.7 (compiled on Red Hat 6.2, glibc 2.1.3, kernel 2.2.16,
OpenSSL 0.9.5a).

I can start the ldap server in debug mode using:

slapd -d 63 -h "ldap:/// ldaps:///"

I can get a connection to it using:

openssl s_client -connect localhost:636 -showcerts

(I don't know enough about the LDAP protocol at this point to
type any useful commands, but entering QUIT causes the connection
to close down successfully).

I can get a StartTLS search working using this:

ldapsearch -ZZ -x

... but the following command core dumps:

ldapsearch -H ldaps://localhost/ -x

... following the debug output of the slapd server, it appears that
the connection gets started OK, and almost completes OK.  I see messages
like these (trimming out the hex dump scribble):

TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11

TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=1024, written=1024

TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
tls_read: want=5, got=5

TLS trace: SSL_accept:SSLv3 read client key exchange A
tls_read: want=5, got=5

TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
tls_write: want=51, written=51

TLS trace: SSL_accept:SSLv3 flush data
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
tls_read: want=5, got=0

ldap_read: want=1, got=0

ber_get_next on fd 8 failed errno=0 (Success)
connection_read(8): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=8 for close
connection_close: conn=0 sd=8
daemon: removing 8
tls_write: want=29, written=29

TLS trace: SSL3 alert write:warning:close notify
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL

... and at this point the client dies with no output.

Does anyone have any ideas as to whether this is likely to
be a client or a server problem?  I don't seem to be able
to get any useful results out of the server using
"ldaps://localhost/..." with Netscape either ... should I
be able to?

----+------------------------+--------------------------
Del | mailto:del@babel.co.nz | Christchurch, New Zealand
----+------------------------+--------------------------
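Added example (editor's, not part of Del's message and not OpenLDAP code): a small Python script that walks a `slapd -d 63` trace of the shape quoted above and reports, per connection, whether the server-side TLS handshake completed, how many application bytes reached ber_get_next afterwards, and whether the peer closed the connection. The sample trace is constructed to match the post's trace shape, not copied byte for byte; the reading of OpenSSL's SSL_accept states (the "write finished A" followed by "flush data" marks the server's Finished leaving the socket, and the "error in ... read client certificate A" line is the WANT_READ retry that slapd's EAGAIN read produces) is my interpretation. On the post's trace it reports that the handshake finished and the client then closed without sending a single LDAP PDU, which is the distinction a reader would want before deciding where to look.

```python
import re
from typing import Dict

# Constructed sample trace: one ldaps:// connection as slapd -d 63 prints it,
# modelled on the trace in the post (not its exact bytes; hex dumps omitted).
SAMPLE_TRACE = """\
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=1024, written=1024
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_read(8): checking for input on id=0
tls_read: want=5, got=5
TLS trace: SSL_accept:SSLv3 read client key exchange A
tls_read: want=5, got=5
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
tls_write: want=51, written=51
TLS trace: SSL_accept:SSLv3 flush data
connection_read(8): checking for input on id=0
ber_get_next
tls_read: want=5, got=0
ldap_read: want=1, got=0
ber_get_next on fd 8 failed errno=0 (Success)
connection_read(8): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=8 for close
connection_close: conn=0 sd=8
TLS trace: SSL3 alert write:warning:close notify
"""

# Constructed variant: same handshake, but the client sends a PDU (a 5-byte
# BER header read, then the body) before the tail of the trace.
SAMPLE_TRACE_WITH_REQUEST = SAMPLE_TRACE.replace(
    "ber_get_next\ntls_read: want=5, got=0\n",
    "ber_get_next\ntls_read: want=5, got=5\ntls_read: want=12, got=12\n",
)

READ_RE = re.compile(r"^tls_read: want=(\d+), got=(\d+)")
EAGAIN_RE = re.compile(r"^tls_read: .*error=Resource temporarily unavailable")
FINISHED_WRITTEN = "SSL_accept:SSLv3 write finished A"
FLUSH = "SSL_accept:SSLv3 flush data"


def analyse_trace(text: str) -> Dict[str, object]:
    """Classify one connection's slapd TLS trace.

    handshake_complete: server wrote its Finished message and flushed it
    transient_eagain:   reads that hit EAGAIN on the non-blocking socket
                        (slapd retries these; not a handshake failure)
    ldap_bytes:         bytes read after the handshake, i.e. PDU data
    peer_closed:        a post-handshake read returned 0 bytes (client EOF)
    verdict:            'handshake-failed', 'client-closed-before-request'
                        or 'request-received'
    """
    finished_written = handshake_complete = peer_closed = False
    eagain = ldap_bytes = 0

    for line in text.splitlines():
        if EAGAIN_RE.match(line):
            eagain += 1
        elif FINISHED_WRITTEN in line:
            finished_written = True
        elif FLUSH in line and finished_written:
            # The server's Finished has left the socket: from here on,
            # whatever tls_read returns is LDAP application data.
            handshake_complete = True
        elif handshake_complete:
            m = READ_RE.match(line)
            if m:
                got = int(m.group(2))
                if got == 0:
                    peer_closed = True
                else:
                    ldap_bytes += got

    if not handshake_complete:
        verdict = "handshake-failed"
    elif ldap_bytes == 0 and peer_closed:
        verdict = "client-closed-before-request"
    else:
        verdict = "request-received"

    return {
        "handshake_complete": handshake_complete,
        "transient_eagain": eagain,
        "ldap_bytes": ldap_bytes,
        "peer_closed": peer_closed,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, trace in (("post", SAMPLE_TRACE),
                        ("with-request", SAMPLE_TRACE_WITH_REQUEST)):
        print(name, analyse_trace(trace))
```

Run it against a real capture by feeding the slapd output into analyse_trace; a verdict of client-closed-before-request with handshake_complete set means the server got through SSL_accept and only saw EOF, so the server-side trace alone will not explain the client crash.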