[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: how to get TLS working


I don't have all of your facts, so you could have run into one of many
problems.  What are your slapd.conf and ldap.conf (or ldaprc) entries?  Are
you connected to an SSL LDAP port (ldaps://) and trying to call
ldap_start_tls_s()?  I believe that results in a "broken pipe" error so you
probably don't have that problem.

You can look at http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
and double check your configuration steps.


"You don't stop playing because you grow old ...
       you grow old because you stop playing."

Linux Technology Center, Linux Security
tie line:     678-9216
external:  1-512-838-9216
e-mail:  dksoper@us.ibm.com

                      Dave Snoopy                                                                                                    
                      <kingsnoopy7@yahoo.com>          To:       openldap <openldap-software@OpenLDAP.org>                           
                      Sent by:                         cc:                                                                           
                      owner-openldap-software@O        Subject:  how to get TLS working                                              
                      06/19/2003 12:52 PM                                                                                            

According to my IT manager, our OpenLDAP server
supports TLS. I'm trying to get my LDAP client to work
with it. I call the function ldap_start_tls_s, and it
fails with error LDAP_CONNECT_ERROR (0x5b).

I traced the problem down to tls_info_cb in tls.c. It
gets a callback from SSL_connect in the SSL_CB_EXIT
state, with a "ret" of -1. The SSL error at that point

  TLS trace: SSL_connect:error in SSLv3 read server
certificate B
  TLS trace: SSL_connect:error in SSLv3 read server
certificate B

Any idea what this means? Am I missing some type of
setup, or intermediary step?


Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!