
LDAP and TLS



Hi


I've set up a client-server environment where both server and client
exchange their certificates for authentication (SSL/TLS).
Everything seems to work now, but in the debugging messages I see some
error lines.
Can someone explain them:

TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A

and

connection_read(10): input error=-2 id=0, closing.



gvm@dragon:~/Tools > ldssld
Password:
@(#) $OpenLDAP: slapd 2.0.11-Release (Mon Aug 13 23:12:15 CEST 2001) $
        gvm@linux:/home/gvm/LDAP/OpenLDAP/openldap-2.0.11/servers/slapd
daemon_init: listen on ldap://
daemon_init: listen on ldaps://
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap://)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldap://
ldap_url_parse_ext(ldaps://)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldaps://
daemon_init: 2 listeners opened
slapd init: initiated server.
Enter PEM pass phrase:
slapd startup: initiated.
slapd starting
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({a) ber:
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 10
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS certificate verification: depth: 1, subject: /C=BE/ST=Antwerpen/L=Hoogstraten/O=HighSign/CN=Geert Van Muylem/Email=GVM@HighSign.BE, issuer: /C=BE/ST=Antwerpen/L=Hoogstraten/O=HighSign/CN=Geert Van Muylem/Email=GVM@HighSign.BE
TLS certificate verification: depth: 0, subject: /C=BE/ST=Antwerpen/O=HighSign/CN=Client, issuer: /C=BE/ST=Antwerpen/L=Hoogstraten/O=HighSign/CN=Geert Van Muylem/Email=GVM@HighSign.BE
TLS trace: SSL_accept:SSLv3 read client certificate A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read certificate verify A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 36 contents:
do_bind
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({iat) ber:
ber_scanf fmt (o}) ber:
do_bind: version=3 dn="cn=Manager, c=BE" method=128
dn2entry_r: dn: "CN=MANAGER,C=BE"
=> dn2id( "CN=MANAGER,C=BE" )
=> ldbm_cache_open( "/usr/local/var/openldap-ldbm/dn2id.dbb", 7, 600 )
<= ldbm_cache_open (opened 0)
<= dn2id NOID
dn2entry_r: dn: "C=BE"
=> dn2id( "C=BE" )
=> ldbm_cache_open( "/usr/local/var/openldap-ldbm/dn2id.dbb", 7, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id 1
=> id2entry_r( 1 )
=> ldbm_cache_open( "/usr/local/var/openldap-ldbm/id2entry.dbb", 7, 600 )
<= ldbm_cache_open (opened 1)
=> str2entry
<= str2entry(c=BE) -> -1 (0x8182bb8)
<= id2entry_r( 1 ) 0x8182bb8 (disk)
====> cache_return_entry_r( 1 ): created (0)
do_bind: v3 bind: "cn=Manager, c=BE" to "cn=Manager,c=BE"
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=97 err=0
ber_flush: 14 bytes to sd 10
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
do_unbind
ber_get_next
ber_get_next on fd 10 failed errno=104 (Connection reset by peer)
connection_read(10): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=10 for close
connection_close: deferring conn=0 sd=10
connection_resched: reaquiring locks conn=0 sd=10
connection_resched: attempting closing conn=0 sd=10
connection_close: conn=0 sd=10
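As an added illustration (not part of the original post, and not a reply from the list), here is a small parser that walks an excerpt of the trace above and reconstructs what the server side of the handshake did. It assumes the format of OpenLDAP's TLS info callback: a line reading "error in <state>" is printed when the SSL_accept() call returned a negative value in that state, which on slapd's non-blocking listener socket normally means SSL_ERROR_WANT_READ (the client's next record has not arrived yet, so slapd goes back to its event loop and resumes the handshake later), while "failed in <state>" is printed when the call returned 0 (a real handshake failure). The excerpt of the trace embedded in the block is constructed from the lines quoted above; the function and variable names are the example's own.

```python
import re

# Constructed excerpt of the "slapd -d" output quoted in the post, used as
# sample input for the parser below (trimmed to the relevant lines).
SAMPLE_TRACE = """\
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_extended
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS certificate verification: depth: 0, subject: /C=BE/ST=Antwerpen/O=HighSign/CN=Client
TLS trace: SSL_accept:SSLv3 read client certificate A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read certificate verify A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
do_bind: version=3 dn="cn=Manager, c=BE" method=128
do_unbind
ber_get_next on fd 10 failed errno=104 (Connection reset by peer)
connection_read(10): input error=-2 id=0, closing.
"""

# Assumed format of OpenLDAP's TLS info-callback output: "error in <state>"
# when SSL_accept()/SSL_connect() returned <0 (on a non-blocking socket this
# is normally SSL_ERROR_WANT_READ), "failed in <state>" when it returned 0.
TLS_LINE = re.compile(r"^TLS trace: (SSL_accept|SSL_connect):(?:(error|failed) in )?(.+)$")
BER_ERR = re.compile(r"^ber_get_next on fd (\d+) failed errno=(\d+) \((.+)\)$")
INPUT_ERR = re.compile(r"^connection_read\((\d+)\): input error=(-?\d+) id=(\d+), closing\.$")

EAGAIN = 11  # "Resource temporarily unavailable": nothing to read yet; slapd retries


def analyse_trace(text):
    """Walk a slapd debug trace; return a summary of the TLS handshake and the close."""
    s = {
        "waits": {},            # handshake state -> number of "error in" lines there
        "fatal_state": None,    # state named by a "failed in" line, if any
        "read_finished": False,
        "write_finished": False,
        "eagain_retries": 0,    # ber_get_next EAGAIN hits (normal on non-blocking fds)
        "unbind_seen": False,
        "close_errno": None,    # (errno, text) of the read failure that closed the conn
        "close_reason": None,
    }
    last_err = None
    for raw in text.splitlines():
        line = raw.strip()
        m = TLS_LINE.match(line)
        if m:
            _op, kind, state = m.groups()
            if kind == "error":
                s["waits"][state] = s["waits"].get(state, 0) + 1
            elif kind == "failed":
                s["fatal_state"] = state
            elif state.endswith("read finished A"):
                s["read_finished"] = True
            elif state.endswith("write finished A"):
                s["write_finished"] = True
            continue
        if line == "do_unbind":
            s["unbind_seen"] = True
            continue
        m = BER_ERR.match(line)
        if m:
            err = (int(m.group(2)), m.group(3))
            if err[0] == EAGAIN:
                s["eagain_retries"] += 1   # not an error: the loop simply polls again
            else:
                last_err = err             # a real socket error, remembered for the close
            continue
        m = INPUT_ERR.match(line)
        if m:
            s["close_errno"] = last_err
            if s["unbind_seen"]:
                s["close_reason"] = "client sent UnbindRequest, then closed its end"
            else:
                s["close_reason"] = "client dropped the connection without unbinding"
    return s


def handshake_verdict(s):
    """Plain-language reading of the handshake part of a summary."""
    if s["fatal_state"]:
        return "handshake FAILED in state: " + s["fatal_state"]
    if s["read_finished"] and s["write_finished"]:
        waited = sum(s["waits"].values())
        return ("handshake completed; %d 'error in' line(s) were only waits for "
                "client data on the non-blocking socket" % waited)
    return "handshake never completed; last waits: " + str(s["waits"])


if __name__ == "__main__":
    summary = analyse_trace(SAMPLE_TRACE)
    print(handshake_verdict(summary))
    print("close:", summary["close_reason"], summary["close_errno"])
```

Run against the excerpt, the verdict is that the handshake completed (both "read finished A" and "write finished A" appear after the three "error in SSLv3 read client certificate A" waits, and the client certificate was verified in between), and that the final "input error=-2" follows a do_unbind and an errno=104 (ECONNRESET), i.e. the client unbound and closed its socket. A "failed in" line, which never appears in the quoted trace, is the one the parser would flag as a real TLS failure.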