[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL/TLS via a remote client fails

joris.custers@pandora.be wrote:

I am having a problem with using SSL/TLS.
I have an openLDAP server running. When I connect to the server via a remote client without SSL it works fine ( I use Ldapsearch ).

When I perform a local ldapsearch on my server via the command:
ldapsearch -x -H ldaps://-d7
Everything works fine....

When I trie to connect with SSL via a remote client via ldapsearch it does not work anymore.
This is my command:
ldapsearch -x -H ldaps://<ip-adres> -d7

On my client I get this error:

** Connections: * host: annex02 port: 636 (default) refcnt: 2 status: Connected last used: Wed Nov 24 13:47:07 2004

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
read1msg: msgid 1, all 1
ldap_read: want=1 error=Broken pipe
ldap_bind: Can't contact LDAP server

on my server:

connection_read(11): checking for input on id=2
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:585
connection_read(11): TLS accept error error=-1 id=2, closing
connection_closing: readying conn=2 sd=11 for close
connection_close: conn=2 sd=11

If anyone know the answer to this, please, it would be a great help for me...



At a guess your LDAP server has a certificate with a CN that does not match <ip-adres> .
Search the OpenLDAP archives for SSL+certificates ...

Dave Lewney
Principal Systems Programmer, IT Services
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956