
Using TLS/SSL with openldap 2.1.2



Hello,

I am trying to use openldap 2.1.2 on HP-UX 11.0 and I want to issue
ldap commands with TLS.
A normal ldapsearch without the -Z option works fine.
When I do an ldapsearch with the -Z option on the ldap port I get the
following errors:

on the server:

connection_read(10): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS: can't accept.
connection_read(10): TLS accept error error=-1 id=1, closing

on the ldap client:
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject: /C=US/ST=ILLINOIS/L=Lisle/O=Comnet Int/OU=SUPPORT/CN=aptrain/Email=dvs@comneti.com, issuer: /C=US/ST=ILLINOIS/L=Lisle/O=Comnet Int/OU=SUPPORT/CN=aptrain/Email=dvs@comneti.com
TLS certificate verification: depth: 0, err: 0, subject: /C=US/ST=ILLINOIS/O=Comnet Int/OU=SUP/CN=aptrain/Email=dvs@comneti.com, issuer: /C=US/ST=ILLINOIS/L=Lisle/O=Comnet Int/OU=SUPPORT/CN=aptrain/Email=dvs@comneti.com
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:error in SSLv3 read finished A
TLS trace: SSL_connect:error in SSLv3 read finished A
TLS: can't connect.
ldap_perror
ldap_start_tls: Connect error (91)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 48 bytes to sd 3
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_perror
ldap_bind: Can't contact LDAP server (81)

My configuration files are as follows:

ldap.conf
host aptrain.comneti.com
base dc=comneti,dc=com
ssl start_tls
ssl yes
TLS_CACERT /opt/openssl/demoCA/cacert.pem

slapd.conf
TLSVerifyClient never
TLSCertificateFile /opt/openssl/bin/abcnew_cert.pem
TLSCertificateKeyFile /opt/openssl/bin/abckey.pem
TLSCACertificateFile /opt/openssl/demoCA/cacert.pem
TLSCipherSuite HIGH:MEDIUM:+SSLv3

Are there any options that are missing? I was able to use the openssl
s_server and s_client to talk using the certificates in the slapd.conf.

Thanks in advance for your help.

dinesh
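Added example, not part of the post above and not OpenLDAP code: a small Python script that reads the two "TLS trace:" excerpts from the post (copied verbatim into the script) and reports, for each side, the last handshake state that completed, the state that failed, and any certificate-verification errors. The `diagnose` wording rests on one assumption about the OpenSSL 0.9.x server state machine slapd links against here: after writing ServerHelloDone the server reads the client's next message in its "read client certificate" state whether or not a client certificate was requested, so an error there means the server failed on the client's reply flight, not on a missing client certificate.

```python
"""Locate where an OpenLDAP StartTLS handshake broke, from the 'TLS trace:'
lines that slapd (-d) and the ldap* tools print on each side."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Trace output copied from the post (server side, then client side).
SERVER_LOG = """\
connection_read(10): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS: can't accept.
connection_read(10): TLS accept error error=-1 id=1, closing
"""

CLIENT_LOG = """\
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject: /C=US/ST=ILLINOIS/L=Lisle/O=Comnet Int/OU=SUPPORT/CN=aptrain/Email=dvs@comneti.com, issuer: /C=US/ST=ILLINOIS/L=Lisle/O=Comnet Int/OU=SUPPORT/CN=aptrain/Email=dvs@comneti.com
TLS certificate verification: depth: 0, err: 0, subject: /C=US/ST=ILLINOIS/O=Comnet Int/OU=SUP/CN=aptrain/Email=dvs@comneti.com, issuer: /C=US/ST=ILLINOIS/L=Lisle/O=Comnet Int/OU=SUPPORT/CN=aptrain/Email=dvs@comneti.com
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:error in SSLv3 read finished A
TLS trace: SSL_connect:error in SSLv3 read finished A
TLS: can't connect.
"""

TRACE_RE = re.compile(r"^TLS trace: (SSL_accept|SSL_connect):(.*)$")
VERIFY_RE = re.compile(
    r"^TLS certificate verification: depth: (\d+), err: (\d+), subject: (.*?), issuer: (.*)$")


@dataclass
class Handshake:
    role: str                      # "server" (SSL_accept) or "client" (SSL_connect)
    completed: List[str] = field(default_factory=list)   # states reached before the error
    failed_at: Optional[str] = None                      # state named in "error in ..."
    verify_errors: List[str] = field(default_factory=list)


def analyze(log: str) -> Handshake:
    """Collapse a trace excerpt into completed states, the failing state and verify errors."""
    hs = Handshake(role="unknown")
    for line in log.splitlines():
        m = TRACE_RE.match(line)
        if m:
            hs.role = "server" if m.group(1) == "SSL_accept" else "client"
            state = m.group(2)
            if state.startswith("error in "):
                hs.failed_at = state[len("error in "):]  # OpenSSL prints it twice; keep one
            elif hs.failed_at is None:
                hs.completed.append(state)
            continue
        m = VERIFY_RE.match(line)
        if m and m.group(2) != "0":   # err 0 means the callback accepted that depth
            hs.verify_errors.append(f"depth {m.group(1)} err {m.group(2)}: {m.group(3)}")
    return hs


def diagnose(server: Handshake, client: Handshake) -> List[str]:
    """Turn the two summaries into findings a reader can act on."""
    findings = []
    for hs in (server, client):
        last = hs.completed[-1] if hs.completed else "(nothing)"
        findings.append(f"{hs.role}: last completed state '{last}', failed at '{hs.failed_at}'")
    if client.verify_errors:
        findings.append("client rejected the server certificate: " + "; ".join(client.verify_errors))
    else:
        findings.append("client verified the server certificate chain (err 0 at every depth)")
    server_done = any("write server done" in s for s in server.completed)
    client_flight = any("write finished" in s for s in client.completed)
    if (server_done and client_flight and server.failed_at and client.failed_at
            and "read client certificate" in server.failed_at
            and "read finished" in client.failed_at):
        # Assumption about OpenSSL 0.9.x: the server reads the client's first message after
        # ServerHelloDone in its "read client certificate" state even with TLSVerifyClient never.
        findings.append("handshake broke on the client's reply flight: the client wrote "
                        "ClientKeyExchange/ChangeCipherSpec/Finished and waited for the server's "
                        "Finished, while the server failed reading that flight; certificate "
                        "verification is not the failing step")
    return findings


if __name__ == "__main__":
    for f in diagnose(analyze(SERVER_LOG), analyze(CLIENT_LOG)):
        print(f)
```

Run it as-is to see the findings for the traces in the post, or paste other slapd / ldapsearch `-d` output into the two strings. It reads only the trace lines, so the rest of the debug output can stay in place.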