
RE: TLS / SSL




Getting this but the client can't connect at port 636

CLIENT
m_ldap: setting TLS mode to 1
rlm_ldap: bind as cn=Manager,dc=fido,dc=com/secret to 10.0.0.94:636
rlm_ldap: cn=Manager,dc=fido,dc=com bind to 10.0.0.94:636 failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed



SERVER:

ldap_pvt_gethostbyname_a: host=fido, r=0
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ber_scanf fmt (m) ber:
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_read(13): unable to get TLS client DN error=49 id=0
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 13 failed errno=0 (Success)
connection_read(13): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=13 for close
connection_close: conn=0 sd=13
TLS trace: SSL3 alert write:warning:close notify





> -----Original Message-----
> From: Lawrence, Mike (White Plains)
> [mailto:Mike.Lawrence@starwoodhotels.com]
> Sent: Tuesday, July 01, 2003 9:01 AM
> To: Ron Wahler
> Subject: RE: TLS / SSL
> 
> 
> Hi Ron - I see that error as well and what it means is that
> the server was unable to get a client certificate.  It doesn't
> need one to do ssl/tls, but it will still give the error if
> it doesn't have one, so it's basically a noise error and not
> a big deal unless you do have a client cert and are trying to
> use it.
> 
> -----Original Message-----
> From: Ron Wahler [mailto:ron@rovingplanet.com]
> Sent: Monday, June 30, 2003 4:01 PM
> To: openldap-software@OpenLDAP.org
> Subject: TLS / SSL
> 
> 
> 
> I am getting the following error when trying to connect
> from FreeRadius to OpenLDAP on SSL port 636.  Is there
> something here I can look at in the configuration files?
> 
> Ron.
> 
> 
> 
> connection_get(13): got connid=0
> connection_read(13): checking for input on id=0
> TLS trace: SSL_accept:SSLv3 read client key exchange A
> TLS trace: SSL_accept:SSLv3 read finished A
> TLS trace: SSL_accept:SSLv3 write change cipher spec A
> TLS trace: SSL_accept:SSLv3 write finished A
> TLS trace: SSL_accept:SSLv3 flush data
> connection_read(13): unable to get TLS client DN error=49 id=0
> connection_get(13): got connid=0
> connection_read(13): checking for input on id=0
> ber_get_next
> TLS trace: SSL3 alert read:warning:close notify
> ber_get_next on fd 13 failed errno=0 (Success)
> connection_read(13): input error=-2 id=0, closing.
> connection_closing: readying conn=0 sd=13 for close
> connection_close: conn=0 sd=13
> TLS trace: SSL3 alert write:warning:close notify
> 
> 
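An added example, not part of the thread or of OpenLDAP: a small Python helper that reads a slapd TLS trace in the format pasted above and reports whether the handshake finished, whether a client DN was available, and which side sent close notify first. The sample lines are constructed from the format shown here, treating the "unable to get TLS client DN" line as informational follows the reply quoted above, and `summarize` and `tls_layer_ok` are hypothetical names.

```python
import re

# Constructed sample in the format of the server-side trace quoted in this thread.
SAMPLE = """\
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_read(13): checking for input on id=0
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
connection_read(13): unable to get TLS client DN error=49 id=0
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 13 failed errno=0 (Success)
connection_read(13): input error=-2 id=0, closing.
TLS trace: SSL3 alert write:warning:close notify
"""

# "read" = alert received from the peer, "write" = alert sent by the server.
ALERT = re.compile(r"TLS trace: SSL3 alert (read|write):(\w+):(.+)")
FINISHED = re.compile(r"SSL_accept:SSLv3 (read|write) finished")

def summarize(log_text):
    """Summarize one connection's TLS trace (hypothetical helper, not an OpenLDAP tool)."""
    out = {"handshake_complete": False, "client_dn_available": None,
           "closed_first_by": None, "fatal_alerts": []}
    finished = set()
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate '>'-quoted mail text
        fin, alert = FINISHED.search(line), ALERT.search(line)
        if fin:
            finished.add(fin.group(1))
        elif "unable to get TLS client DN" in line:
            out["client_dn_available"] = False  # no client certificate presented
        elif alert:
            direction, level, desc = (g.strip() for g in alert.groups())
            if level == "fatal":
                out["fatal_alerts"].append((direction, desc))
            elif desc == "close notify" and out["closed_first_by"] is None:
                out["closed_first_by"] = "peer" if direction == "read" else "server"
    # Both Finished messages must appear for the server-side handshake to be done.
    out["handshake_complete"] = finished == {"read", "write"}
    return out

def tls_layer_ok(summary):
    """True when the trace shows a finished handshake and no fatal alert."""
    return summary["handshake_complete"] and not summary["fatal_alerts"]

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s, "TLS layer ok:", tls_layer_ok(s))
```

For a trace shaped like the one in this thread, the summary shows a finished handshake, no client DN, and a close notify read from the peer before the server sends its own.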