
Re: Multi-homed machine and TLS



On Wednesday, 15 September 2004 13:16, Imobach González Sosa wrote:

OK, I know that if I only say "it doesn't work" you cannot help me much ;)...
so, here we go with some debugging output from ldapsearch (with the -d1 flag):

######### Debug Begins

TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject: /C=ES/ST=My Province/L=My City/O=ULPGC/OU=SIC/CN=ldap2.my.domain/emailAddress=hostmaster@my.domain, issuer: /C=ES/ST=My Province/L=My City/O=ULPGC/OU=SIC/CN=ldap2.my.domain/emailAddress=hostmaster@my.domain
TLS certificate verification: depth: 0, err: 0, subject: /C=ES/ST=My Province/L=My City/O=ULPGC/OU=SIC/CN=cname.my.domain/emailAddress=hostmaster@my.domain/subjectAltName=DNS:ldap2.sub.my.domain,DNS:ldap2.my.domain, issuer: /C=ES/ST=My Province/L=My City/O=ULPGC/OU=SIC/CN=ldap2.my.domain/emailAddress=hostmaster@my.domain
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
TLS: hostname (ldap2.sub.my.domain) does not match common name in certificate (cname.my.domain).
ldap_perror
ldap_start_tls: Connect error (-11)
    additional info: TLS: hostname does not match CN in peer certificate

######### Debug Ends

Thank you all.

-- 
Imobach González Sosa
Servicio de Informática y Comunicaciones de la ULPGC
e-mail: igonzalez@becarios.ulpgc.es
Phone: +34 928 459519