[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Tools for tracing TLS/SSL

Can regular openldap clients connect using SSL? eg. ldapsearch with the -ZZ option.

Are you using OpenLDAP library functions to connect in your client? eg. ldap_initialize(ld, "ldaps://ldapserver/").

OpenSSL comes with s_client and s_server. Check the man manpages for these. You should be able to establish a connection to your server using "openssl s_client ..." and your client should be able to establish a connect to the "openssl s_server" process as well.

As someone else said, you should run slapd with '-d 1' to get more info.

I don't think you should have to use SSL dump unless you are doing your own SSL API calls.


Dinesh Salegame wrote:

Thanks. I will try ethereal/ssldump. It is just that I have tried everything
(debug options, config etc..) to get the TLS/SSL to work with openldap. For
some reason the TLS/SSL handshake between the client and server fails. The
Client writes the key exchange and cipher spec but the server is not able to
read it. I want to see if these tools will help to check if the server
receives the client message or not.


Tony Earnshaw wrote:

fre, 2002-08-30 kl. 20:55 skrev Dinesh Salegame:

Is there any tools for tracing SSL packets ? I am having problems
getting a openldap client to talk to a opnldap server using TLS/SSL.

Slapd -d -1?

Or what could you, as a mortal, make of the content of TLS packets?

OTOH if you want to see the contents of IP packets, headers and all,




Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-post:         tonni@billy.demon.nl
www:            http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor

Telefoon:       (+31) (0)172 530428
Mobiel:         (+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981

                      Name: signature.asc
  signature.asc       Type: application/pgp-signature
               Description: Dette er en digitalt signert meldingsdel