[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Tools for tracing TLS/SSL

To: Dinesh Salegame <dvs@comneti.com>
Subject: Re: Tools for tracing TLS/SSL
From: "Kervin L. Pierre" <kervin@blueprint-tech.com>
Date: Fri, 30 Aug 2002 17:30:21 -0400
Cc: Tony Earnshaw <tonni@billy.demon.nl>, openldap-software@OpenLDAP.org
References: <3D6FBFA1.257F1907@comneti.com> <1030736234.20642.122.camel@billy.demon.nl> <3D6FE712.18E6515@comneti.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1b) Gecko/20020828

Can regular openldap clients connect using SSL? eg. ldapsearch with the -ZZ option.

Are you using OpenLDAP library functions to connect in your client? eg. ldap_initialize(ld, "ldaps://ldapserver/").

OpenSSL comes with s_client and s_server. Check the man manpages for these. You should be able to establish a connection to your server using "openssl s_client ..." and your client should be able to establish a connect to the "openssl s_server" process as well.

As someone else said, you should run slapd with '-d 1' to get more info.

I don't think you should have to use SSL dump unless you are doing your own SSL API calls.

--Kervin

Dinesh Salegame wrote:

Tony,

Thanks. I will try ethereal/ssldump. It is just that I have tried everything
(debug options, config etc..) to get the TLS/SSL to work with openldap. For
some reason the TLS/SSL handshake between the client and server fails. The
Client writes the key exchange and cipher spec but the server is not able to
read it. I want to see if these tools will help to check if the server
receives the client message or not.

thanks,
dinesh

Tony Earnshaw wrote:

fre, 2002-08-30 kl. 20:55 skrev Dinesh Salegame:

Is there any tools for tracing SSL packets ? I am having problems
getting a openldap client to talk to a opnldap server using TLS/SSL.


Slapd -d -1?

Or what could you, as a mortal, make of the content of TLS packets?

OTOH if you want to see the contents of IP packets, headers and all,
Ethereal.

Best,

Tony

--

Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-post:         tonni@billy.demon.nl
www:            http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor

Telefoon:       (+31) (0)172 530428
Mobiel:         (+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981

 ------------------------------------------------------------------------
                      Name: signature.asc
  signature.asc       Type: application/pgp-signature
               Description: Dette er en digitalt signert meldingsdel

References:
- Tools for tracing TLS/SSL
  - From: Dinesh Salegame <dvs@comneti.com>
- Re: Tools for tracing TLS/SSL
  - From: Tony Earnshaw <tonni@billy.demon.nl>
- Re: Tools for tracing TLS/SSL
  - From: Dinesh Salegame <dvs@comneti.com>

Prev by Date: Re: Tools for tracing TLS/SSL
Next by Date: Re: Tools for tracing TLS/SSL
Index(es):
- Chronological
- Thread