
FW: LDAP and TLS



Hi,

Found what the problem was...
I used the IP address in the ldap_init():   ld = ldap_init("127.0.0.1", 389);

The ldap_int_tls_start() compares the host with the names in the
certificates:
So it compares "127.0.0.1" with "apollo" (as part of cn=...) which does not
match even though the name of my localhost is apollo!
So I changed my init to:
ld = ldap_init("apollo", 389); and everything works fine!!!!

Hope this helps some other people who are trying to do the same...

Regards,
Geert
BTW: Does anyone have the DLL versions of the OpenLDAP libraries (WIN32)
or libs which can be used with BCPP?
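The check Geert ran into, as an added example (not OpenLDAP's code and not from this thread): a minimal model of the comparison a TLS client makes between the host string given to ldap_init() and the names in the server certificate, following the usual rule that an IP literal is matched only against an iPAddress subjectAltName and never against the CN. The struct cert_names type, the helper names and the two certificate constants are constructed for this example; CERT_APOLLO mirrors the CN=apollo certificate from the post.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Names carried by a server certificate (constructed, not parsed from a real cert). */
struct cert_names {
    const char *cn;          /* CN of the subject DN, e.g. CN=apollo */
    const char *dns_sans[4]; /* dNSName subjectAltNames, NULL-terminated */
    const char *ip_sans[4];  /* iPAddress subjectAltNames, NULL-terminated */
};
/* DNS names compare case-insensitively. */
static bool names_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == '\0' && *b == '\0';
}

static bool is_ip_literal(const char *host)
{
    struct in_addr a4;
    struct in6_addr a6;
    return inet_pton(AF_INET, host, &a4) == 1 || inet_pton(AF_INET6, host, &a6) == 1;
}

/* True if the host string given to ldap_init() is a name the certificate vouches for. */
bool cert_matches_host(const struct cert_names *c, const char *host)
{
    if (is_ip_literal(host)) {
        /* An IP literal is matched only against iPAddress SANs, never the CN:
         * "127.0.0.1" is not the name "apollo", which is the failure in the post. */
        for (int i = 0; c->ip_sans[i]; i++)
            if (strcmp(c->ip_sans[i], host) == 0)
                return true;
        return false;
    }
    for (int i = 0; c->dns_sans[i]; i++)
        if (names_equal(c->dns_sans[i], host))
            return true;
    /* The CN is consulted only when the certificate carries no dNSName SAN. */
    return c->dns_sans[0] == NULL && c->cn != NULL && names_equal(c->cn, host);
}
/* Constructed certificates: the one from the post (CN=apollo, no SANs) and one
 * that also names the loopback address in an iPAddress SAN. */
const struct cert_names CERT_APOLLO       = { "apollo", { NULL }, { NULL } };
const struct cert_names CERT_APOLLO_IPSAN = { "apollo", { "apollo", NULL }, { "127.0.0.1", NULL } };
```

Either connecting by the name "apollo", as done above, or issuing the certificate with an iPAddress SAN for 127.0.0.1 satisfies the check without weakening it.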

-----Original Message-----
From: Geert Van Muylem [mailto:Geert.Van.Muylem@SKYNET.BE]
Sent: Wednesday 27 February 2002 13:32
To: LDAP Mailing List
Subject: LDAP and TLS


Hi all,

I'm testing OpenLDAP 2.0.23 and TLS on W2K...
The client and server are running on the same PC

These are the entries in my slapd.conf:
TLSCertificateFile      d:\\OpenLDAP\\KEYS\\ld3_cert.pem
TLSCertificateKeyFile   d:\\OpenLDAP\\KEYS\\ld3_sk.pem
TLSCACertificateFile    d:\\OpenLDAP\\KEYS\\cacert.pem

I'm getting a connect error (0x5b) when executing ldap_start_tls_s(...)
The DN of my server certificate: CN=apollo, c=BE
Windows 2000 IP Configuration:

        Host Name . . . . . . . . . . . . : apollo
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No

Can someone tell me what's going wrong?

Thanks,
Geert

C:\OpenLDAP>slapd -d 1 -h "ldap:/// ldaps:///"
starting slapd...
OpenLDAP -devel Standalone LDAP Server (slapd)daemon_init: listen on
ldap:///
daemon_init: listen on ldaps:///
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: initialized ldap:///
ldap_url_parse_ext(ldaps:///)
daemon: initialized ldaps:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
Enter PEM pass phrase:
slapd startup: initiated.
slapd starting
connection_get(676): got connid=0
connection_read(676): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
do_extended
ber_get_next on fd 676 failed errno=10035 (WSAEWOULDBLOCK)
ber_scanf fmt ({a) ber:
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 676
connection_get(676): got connid=0
connection_read(676): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(676): got connid=0
connection_read(676): checking for input on id=0
ber_get_next
ber_get_next on fd 676 failed errno=10054 (WSAECONNRESET)
connection_read(676): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=676 for close
connection_close: conn=0 sd=676