
just SSL



I still get an error when I set SSLv3 as an option.


Client: can't connect on 636



slapd.conf

ssl yes
port 636
TLSCipherSuite          HIGH:MEDIUM:+SSLv3
TLSCertificateFile      /opt/LocalCA/server_crt.pem
TLSCertificateKeyFile   /opt/LocalCA/server_key.pem
TLSCACertificateFile    /opt/LocalCA/cacert.pem
TLSVerifyClient         never



SERVER:
put_simple_filter: "objectclass=*"
ber_scanf fmt (m) ber:
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_read(13): unable to get TLS client DN error=49 id=0
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 13 failed errno=0 (Success)
connection_read(13): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=13 for close
connection_close: conn=0 sd=13
TLS trace: SSL3 alert write:warning:close notify
slap_sig_shutdown: signal 2
slap_sig_shutdown: signal 2
daemon: shutdown requested and initiated.
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
====> bdb_cache_release_all
slapd shutdown: freeing system resources.
====> bdb_cache_release_all
slapd stopped.

> -----Original Message-----
> From: Ron Wahler
> Sent: Tuesday, July 01, 2003 10:30 AM
> To: Lawrence, Mike (White Plains); freeradius-users@lists.cistron.nl;
> openldap-software@OpenLDAP.org
> Subject: RE: TLS / SSL
> 
> 
> 
> Getting this but the client can't connect at port 636
> 
> CLIENT
> m_ldap: setting TLS mode to 1
> rlm_ldap: bind as cn=Manager,dc=fido,dc=com/secret to 10.0.0.94:636
> rlm_ldap: cn=Manager,dc=fido,dc=com bind to 10.0.0.94:636 failed: Can't
> contact LDAP server
> rlm_ldap: (re)connection attempt failed
> 
> 
> 
> SERVER:
> 
> ldap_pvt_gethostbyname_a: host=fido, r=0
> put_filter: "(objectclass=*)"
> put_filter: simple
> put_simple_filter: "objectclass=*"
> ber_scanf fmt (m) ber:
> connection_get(13): got connid=0
> connection_read(13): checking for input on id=0
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> TLS trace: SSL_accept:SSLv3 flush data
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> connection_get(13): got connid=0
> connection_read(13): checking for input on id=0
> TLS trace: SSL_accept:SSLv3 read client key exchange A
> TLS trace: SSL_accept:SSLv3 read finished A
> TLS trace: SSL_accept:SSLv3 write change cipher spec A
> TLS trace: SSL_accept:SSLv3 write finished A
> TLS trace: SSL_accept:SSLv3 flush data
> connection_read(13): unable to get TLS client DN error=49 id=0
> connection_get(13): got connid=0
> connection_read(13): checking for input on id=0
> ber_get_next
> TLS trace: SSL3 alert read:warning:close notify
> ber_get_next on fd 13 failed errno=0 (Success)
> connection_read(13): input error=-2 id=0, closing.
> connection_closing: readying conn=0 sd=13 for close
> connection_close: conn=0 sd=13
> TLS trace: SSL3 alert write:warning:close notify
> 
> 
> 
> 
> 
> > -----Original Message-----
> > From: Lawrence, Mike (White Plains)
> > [mailto:Mike.Lawrence@starwoodhotels.com]
> > Sent: Tuesday, July 01, 2003 9:01 AM
> > To: Ron Wahler
> > Subject: RE: TLS / SSL
> >
> >
> > Hi Ron - I see that error as well and what it means is that
> > the server was unable to get a client certificate.  It doesn't
> > need one to do ssl/tls, but it will still give the error if
> > it doesn't have one, so it's basically a noise error and not
> > a big deal unless you do have a client cert and are trying to
> > use it.
> >
> > -----Original Message-----
> > From: Ron Wahler [mailto:ron@rovingplanet.com]
> > Sent: Monday, June 30, 2003 4:01 PM
> > To: openldap-software@OpenLDAP.org
> > Subject: TLS / SSL
> >
> >
> >
> > I am getting the following error when trying to connect
> > from FreeRadius to OpenLDAP on SSL port 636.  Is there
> > something here I can look at in the configuration files?
> >
> > Ron.
> >
> >
> >
> > connection_get(13): got connid=0
> > connection_read(13): checking for input on id=0
> > TLS trace: SSL_accept:SSLv3 read client key exchange A
> > TLS trace: SSL_accept:SSLv3 read finished A
> > TLS trace: SSL_accept:SSLv3 write change cipher spec A
> > TLS trace: SSL_accept:SSLv3 write finished A
> > TLS trace: SSL_accept:SSLv3 flush data
> > connection_read(13): unable to get TLS client DN error=49 id=0
> > connection_get(13): got connid=0
> > connection_read(13): checking for input on id=0
> > ber_get_next
> > TLS trace: SSL3 alert read:warning:close notify
> > ber_get_next on fd 13 failed errno=0 (Success)
> > connection_read(13): input error=-2 id=0, closing.
> > connection_closing: readying conn=0 sd=13 for close
> > connection_close: conn=0 sd=13
> > TLS trace: SSL3 alert write:warning:close notify
> >
> >
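An added example, not from the thread's authors or from the OpenLDAP or FreeRADIUS projects: a small Python checker that reads a slapd debug trace like the ones quoted in this thread and separates the informational "read client certificate" error Mike describes from the questions that actually decide this problem, namely whether the server finished the TLS handshake and whether any LDAP request followed. The TLS trace markers are taken verbatim from the logs quoted above; the TLSVerifyClient value groups follow slapd.conf(5) (never/allow/try tolerate a missing client certificate, demand/hard/true require one); the `do_bind`/`do_search` lines used as the "an LDAP request arrived" marker are an assumption, and the second sample trace is a constructed hypothetical.

```python
"""Classify a slapd -d TLS trace: did the handshake finish, did the client
present a certificate, and did an LDAP request ever arrive afterwards?"""
import re
from dataclasses import dataclass, field

# Constructed sample input: the server-side trace quoted in this thread,
# trimmed to a single connection.
SAMPLE_TRACE_NO_REQUEST = """\
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_read(13): unable to get TLS client DN error=49 id=0
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 13 failed errno=0 (Success)
connection_read(13): input error=-2 id=0, closing.
"""

# Constructed hypothetical variant: same handshake, but the client goes on
# to send a bind. "do_bind" is assumed to be the marker slapd logs for it.
SAMPLE_TRACE_WITH_BIND = """\
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:SSLv3 write finished A
connection_read(13): unable to get TLS client DN error=49 id=0
do_bind
"""

# TLSVerifyClient values (slapd.conf(5)) grouped by whether a client
# certificate is optional or required.
CERT_OPTIONAL = {"never", "allow", "try"}
CERT_REQUIRED = {"demand", "hard", "true"}


@dataclass
class TlsConnSummary:
    handshake_started: bool = False
    client_cert_missing: bool = False
    handshake_completed: bool = False
    client_dn_error: bool = False
    ldap_request_seen: bool = False
    client_close_notify: bool = False
    verdict: str = ""
    findings: list = field(default_factory=list)


def summarize_slapd_tls_trace(trace, verify_client="never"):
    """Walk one connection's trace lines and derive a verdict plus findings."""
    verify_client = verify_client.lower()
    if verify_client not in CERT_OPTIONAL | CERT_REQUIRED:
        raise ValueError(f"unknown TLSVerifyClient value: {verify_client}")
    s = TlsConnSummary()
    for line in trace.splitlines():
        if "SSL_accept:before/accept initialization" in line:
            s.handshake_started = True
        elif "error in SSLv3 read client certificate" in line:
            s.client_cert_missing = True        # client sent no certificate
        elif "SSL_accept:SSLv3 write finished" in line:
            s.handshake_completed = True        # server sent its Finished
        elif "unable to get TLS client DN" in line:
            s.client_dn_error = True
        elif "SSL3 alert read:warning:close notify" in line:
            s.client_close_notify = True        # client closed cleanly
        elif re.match(r"do_(bind|search|modify|add|delete)\b", line):
            s.ldap_request_seen = True          # assumed marker, see lead-in

    if s.client_cert_missing:
        if verify_client in CERT_OPTIONAL:
            s.findings.append(f"client sent no certificate; with TLSVerifyClient "
                              f"{verify_client} this is informational only")
        else:
            s.findings.append(f"client sent no certificate but TLSVerifyClient "
                              f"{verify_client} requires one")
    if s.client_dn_error and verify_client in CERT_OPTIONAL:
        s.findings.append("'unable to get TLS client DN' follows from the missing "
                          "certificate and is not a handshake failure")

    if not s.handshake_started:
        s.verdict = "no_tls_handshake"
    elif not s.handshake_completed:
        s.verdict = "handshake_failed"
    elif s.ldap_request_seen:
        s.verdict = "ldap_request_received"
    elif s.client_close_notify:
        s.verdict = "client_closed_after_handshake"
        s.findings.append("server completed the TLS handshake; the client sent "
                          "close_notify without issuing an LDAP request")
    else:
        s.verdict = "handshake_ok_no_request"
    return s


if __name__ == "__main__":
    for name, trace in (("no request", SAMPLE_TRACE_NO_REQUEST),
                        ("with bind", SAMPLE_TRACE_WITH_BIND)):
        summary = summarize_slapd_tls_trace(trace, "never")
        print(f"{name}: {summary.verdict}")
        for finding in summary.findings:
            print("  -", finding)
```

Run against the trace quoted in this thread with `TLSVerifyClient never`, the checker reports `client_closed_after_handshake`: the two "read client certificate" lines and the `error=49` DN line are the expected noise for a client without a certificate, the server did send its Finished message, and the client then sent close_notify before any bind reached slapd. That narrows the search to the client side of the ldaps connection rather than the server's TLS setup.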