More TLS questions
I'm >>really<< close to getting my TLS connection to openLDAP working, but I
have run into a snag. I am using:
OS: Solaris 2.6
openldap: 2.0.7
openssl: 0.9.6
cyrus-sasl: 1.5.24
I have generated a certificate just fine, and have started slapd running both
normal and SSL ports. I connected to the server through Netscape with
https://server:636/ and validated the certificate, and I was able to go to
ldaps://server/?supportedsaslmechanisms with no problem. When I try to use
ldapsearch however, I run into trouble:
ldapsearch -h localhost -p 389 -x -b "" -s base -LLL supportedSASLMechanisms
returns
dn:
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: CRAM-MD5
ldapsearch -h localhost -p 389 -x -b "" -s base -LLL -ZZ \
supportedSASLMechanisms
returns
ldap_start_tls: Success
additional info: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
I have set up /dev/random from SUNWski and am also running egd (using
/dev/egd-pool)
I have set $RANDFILE to both of these, and have RANDFILE set in openssl.conf to
/dev/egd-pool
None of this seems to work. If I turn debugging on at the client, I see:
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, subject: /C=US/ST=Indiana/L=Indianapolis/O=Indiana Interactive/OU=accessIndiana/CN=Billy Bobs Signing Co./Email=billy-bob@www.IN.gov, issuer: /C=US/ST=Indiana/L=Indianapolis/O=Indiana Interactive/OU=accessIndiana/CN=Billy Bobs Signing Co./Email=billy-bob@www.IN.gov
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:error in SSLv3 write client key exchange A
TLS trace: SSL_connect:error in SSLv3 write client key exchange A
TLS: can't connect.
ldap_perror
ldap_start_tls: Success
additional info: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
Any ideas at all? I'm stumped.
Thanks
Rob
--
Rob Lindenbusch
Lead Systems Administrator
accessIndiana
E-mail: rlindenbusch@www.IN.gov
Phone: (317)233-2378
URL: http://www.IN.gov/
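The post above pins a "PRNG not seeded" failure on the entropy source without a way to tell whether the egd socket is actually answering. The following is an added example, not code from the post, OpenLDAP or OpenSSL: it classifies what kind of object a RANDFILE-style path is (a seed file, a character device such as /dev/random, or a Unix socket) and, for a socket, speaks the EGD protocol that egd/prngd serve and that OpenSSL's RAND_egd() consumes, asking the daemon how many entropy bits it has pooled and pulling a few bytes from it. A constructed mock daemon backed by os.urandom is included so the probe runs offline; the socket path, seed file and the mock's pool size are constructed sample values, not anything from the post.

```python
# Added diagnostic for "PRNG not seeded": probe a RANDFILE / EGD path.
# Constructed example; not code from the post, OpenLDAP or OpenSSL.
import os
import socket
import stat
import struct
import tempfile
import threading

# EGD wire protocol (egd.pl / prngd; what OpenSSL's RAND_egd() speaks):
#   0x00     -> reply: 4-byte big-endian count of entropy bits in the pool
#   0x01 N   -> non-blocking read: 1-byte count K, then K bytes (K <= N)
#   0x02 N   -> blocking read: exactly N bytes
EGD_ENTROPY_COUNT, EGD_READ_NONBLOCK, EGD_READ_BLOCK = 0x00, 0x01, 0x02


def classify_randfile(path):
    """Return 'socket', 'device', 'file' or 'missing' for a RANDFILE candidate.
    RANDFILE expects a seed file; an EGD socket only helps code that speaks EGD."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing"
    if stat.S_ISSOCK(st.st_mode):
        return "socket"
    if stat.S_ISCHR(st.st_mode):
        return "device"
    return "file"


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return buf


def _egd_connect(path, timeout):
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    s.connect(path)
    return s


def egd_entropy_bits(path, timeout=2.0):
    """Ask the daemon how many entropy bits it believes it has pooled (0 = starved)."""
    with _egd_connect(path, timeout) as s:
        s.sendall(bytes([EGD_ENTROPY_COUNT]))
        return struct.unpack(">I", _recv_exact(s, 4))[0]


def egd_read(path, nbytes, timeout=2.0):
    """Blocking read of nbytes (1..255; the request length is a single byte)."""
    if not 1 <= nbytes <= 255:
        raise ValueError("EGD request length must fit in one byte")
    with _egd_connect(path, timeout) as s:
        s.sendall(bytes([EGD_READ_BLOCK, nbytes]))
        return _recv_exact(s, nbytes)


class MockEGD(threading.Thread):
    """Constructed stand-in for egd/prngd serving os.urandom over the EGD protocol."""

    def __init__(self, path):
        super().__init__(daemon=True)
        self.path, self.running = path, True
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.bind(path)
        self.sock.listen(4)
        self.sock.settimeout(0.1)  # so run() can notice self.running going False

    def run(self):
        while self.running:
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                conn.settimeout(2.0)
                cmd = conn.recv(1)
                if cmd == bytes([EGD_ENTROPY_COUNT]):
                    conn.sendall(struct.pack(">I", 8 * 4096))  # constructed pool size
                elif cmd in (bytes([EGD_READ_NONBLOCK]), bytes([EGD_READ_BLOCK])):
                    req = conn.recv(1)
                    if not req:
                        continue
                    payload = os.urandom(req[0])
                    conn.sendall(payload if cmd[0] == EGD_READ_BLOCK else req + payload)

    def stop(self):
        self.running = False
        self.join()
        self.sock.close()
        os.unlink(self.path)


def demo():
    """Run the probe against the mock daemon, a seed file and a missing path."""
    workdir = tempfile.mkdtemp(prefix="egd")
    sock_path, seed_path = os.path.join(workdir, "egd-pool"), os.path.join(workdir, "seed")
    with open(seed_path, "wb") as f:
        f.write(os.urandom(1024))  # constructed seed file
    daemon = MockEGD(sock_path)
    daemon.start()
    try:
        return {
            "socket_kind": classify_randfile(sock_path),
            "entropy_bits": egd_entropy_bits(sock_path),
            "egd_bytes": egd_read(sock_path, 32),
            "file_kind": classify_randfile(seed_path),
            "missing_kind": classify_randfile(os.path.join(workdir, "nope")),
        }
    finally:
        daemon.stop()
        os.unlink(seed_path)
        os.rmdir(workdir)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value.hex() if isinstance(value, bytes) else value)
```

Pointed at a real /dev/egd-pool instead of the mock, `classify_randfile` confirms the path is a socket rather than a stale regular file left behind by a previous daemon, `egd_entropy_bits` shows whether the pool has drained to zero (a blocking read then hangs until it refills), and a connection refusal or timeout from `egd_read` means no daemon is listening on that socket at all.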