
RE: trying to get tls working

Make sure the common name in the cert key can be resolved by your clients.

-----Original Message-----
From: Raphael Bauduin [mailto:rb@tiscali.be]
Sent: Wednesday, August 29, 2001 5:27 AM
To: openldap-software@OpenLDAP.org
Subject: trying to get tls working


I started slapd with -d1 for a connection with Netscape.
Here's the output for a failed request:
---------------------------------------------------------
connection_get(9): got connid=1
connection_read(9): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read finished A
TLS trace: SSL_accept:error in SSLv3 read finished A
connection_get(9): got connid=1
connection_read(9): checking for input on id=1
TLS trace: SSL_accept:error in SSLv3 read finished A
connection_get(9): got connid=1
connection_read(9): checking for input on id=1
TLS trace: SSL_accept:SSLv3 read finished A
---------------------------------------------------------
And here is the output for the first request (this one succeeded):

ldbm_search: candidate 15 does not match filter
====> cache_return_entry_r( 15 ): created (0)
send_ldap_search_result 0::
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=9 for close
connection_close: deferring conn=0 sd=9
do_unbind
connection_resched: attempting closing conn=0 sd=9
connection_close: conn=0 sd=9
TLS trace: SSL3 alert write:warning:close notify

My Ciphersuite is:
HIGH:MEDIUM:+SSLv2:RSA

Connecting with gq gives:

TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
s23_srvr.c:565
connection_read(9): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=9 for close
connection_close: conn=0 sd=9


I suppose I won't get any answer to this mail, but maybe it will be
helpful for people having the same problems to read my mails.


Raph


--
          Open Source and Free Software Developers Meeting
See you at the 2002 edition. Check the 2001 sessions on
www.opensource-tv.com
     Visit http://www.osdem.org and subscribe to the mailing list!
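
An added example, not part of the original thread: a small triage script that reads the TLS lines of the two slapd -d1 traces quoted above and separates a logged fatal accept error from "error in" lines that are later followed by further handshake progress. The names `triage`, `NETSCAPE_TRACE` and `GQ_TRACE` are hypothetical, and treating an "error in" line as a stall rather than a failure is an assumption of this example.

```python
import re

# TLS-related lines copied from the two traces quoted in the message above.
NETSCAPE_TRACE = """\
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read finished A
TLS trace: SSL_accept:error in SSLv3 read finished A
TLS trace: SSL_accept:error in SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 read finished A
"""
GQ_TRACE = """\
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
connection_read(9): TLS accept error error=-1 id=0, closing
"""
# Assumption: "error in"/"failed in" trace lines are stalls, not verdicts.
TRACE = re.compile(r"^TLS trace: SSL_accept:(error in |failed in )?(.+)$")
ERRQ = re.compile(r"^TLS: error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)$")

def triage(log):
    """Summarise one server-side handshake from slapd debug output."""
    result = {"states": [], "stalls": 0, "fatal": False, "error": None}
    for line in log.splitlines():
        line = line.strip()
        m = TRACE.match(line)
        if m:
            if m.group(1):
                result["stalls"] += 1                # step had to be retried
            else:
                result["states"].append(m.group(2))  # step completed
            continue
        m = ERRQ.match(line)
        if m:  # OpenSSL error string: code, library, function, reason
            result["error"] = dict(zip(("code", "lib", "func", "reason"), m.groups()))
        elif line.startswith("TLS: can't accept") or "TLS accept error" in line:
            result["fatal"] = True
    result["last_state"] = result["states"][-1] if result["states"] else None
    return result

if __name__ == "__main__":
    for name, log in (("netscape", NETSCAPE_TRACE), ("gq", GQ_TRACE)):
        print(name, triage(log))
```

On these inputs the Netscape trace shows three stalls and no logged fatal error, with the last completed step being `SSLv3 read finished A`, while the gq trace stops before any client hello is parsed and carries the reason `unknown protocol`.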