Re: LDAP and SSL
Using this test:
openssl s_server -accept 390 -cert /etc/ldap/servercrt.pem -key /etc/ldap/serverkey.pem -CAfile /etc/ldap/cacert.pem -www
Doesn't this mean LDAPS *should* work:
openssl s_client -connect 192.168.2.2:390 -showcerts -state -CAfile /etc/ldap/cacert.pem
OUTPUT -
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=US/ST=Florida/L=Jacksonville/O=Chasecreek Systemhouse/O=WC
-Sx- Jones/OU=Open
Source/CN=debian.insecurity.org/emailAddress=webmaster@insecurity.org
verify return:1
depth=0 /C=US/ST=Florida/L=Jacksonville/O=Chasecreek Systemhouse/O=WC
-Sx- Jones/OU=Open
Source/CN=debian.insecurity.org/emailAddress=webmaster@insecurity.org
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=US/ST=Florida/L=Jacksonville/O=Chasecreek Systemhouse/O=WC
-Sx- Jones/OU=Open
Source/CN=debian.insecurity.org/emailAddress=webmaster@insecurity.org
i:/C=US/ST=Florida/L=Jacksonville/O=Chasecreek Systemhouse/O=WC
-Sx- Jones/OU=Open
Source/CN=debian.insecurity.org/emailAddress=webmaster@insecurity.org
-----BEGIN CERTIFICATE-----
MIIEwzCCBCygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCVVMx
... deleted ...
UHr7crTK4JysKQ71oMlYpBqx64ecSvA=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=Florida/L=Jacksonville/O=Chasecreek Systemhouse/O=WC
-Sx- Jones/OU=Open
Source/CN=debian.insecurity.org/emailAddress=webmaster@insecurity.org
issuer=/C=US/ST=Florida/L=Jacksonville/O=Chasecreek Systemhouse/O=WC
-Sx- Jones/OU=Open
Source/CN=debian.insecurity.org/emailAddress=webmaster@insecurity.org
---
No client certificate CA names sent
---
SSL handshake has read 1659 bytes and written 276 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1E3FC5E64ACBC9D8BDF7DB1B09F27AD5102AA21F9965CE87C9CD0EA7295082CC
Session-ID-ctx:
Master-Key:
C119584BDB5814C26435538244495BD501CE848058A0CA13522FDAF7C0DCEC6C0C3480F16A0F69C443F086C955F5E3A2
Key-Arg : None
Start Time: 1101780915
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
--
WC -Sx- Jones
http://insecurity.org/
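
Added example, not part of the original post: a small filter that pulls the security-relevant fields out of `openssl s_client` output like the above and also compares the certificate CN with the host passed to `-connect`, a comparison the s_client command shown does not make but LDAP client libraries commonly do. The function names and the sample output are constructed for illustration; the host check is a plain CN comparison and ignores wildcards and subjectAltName.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client` output read on stdin.
# $1 (optional) is the host given to -connect; all names here are hypothetical.
summarize_s_client() {
    awk -v host="${1:-}" '
        /^subject=/ { subj = substr($0, 9); mode = "s"; next }
        /^issuer=/  { iss  = substr($0, 8); mode = "i"; next }
        /^---/      { mode = "" }
        # Mail clients wrap long DNs: glue continuation lines back on.
        mode == "s" { subj = subj " " $0; next }
        mode == "i" { iss  = iss  " " $0; next }
        /Server public key is/ { bits  = $5 }
        /^ *Protocol *:/       { proto = $NF }
        /Verify return code:/  { code  = $4 }
        END {
            if (match(subj, "CN=[^/]*")) cn = substr(subj, RSTART + 3, RLENGTH - 3)
            printf "verify=%s proto=%s keybits=%s issuer_eq_subject=%s cn=%s host_matches_cn=%s\n",
                   code, proto, bits, (subj == iss ? "yes" : "no"), cn,
                   (host != "" && tolower(cn) == tolower(host) ? "yes" : "no")
        }'
}

# Constructed sample modelled on the layout of s_client output (not real data).
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Server certificate
subject=/C=US/O=Example Org/OU=Open
Source/CN=ldap.example.test
issuer=/C=US/O=Example Org/OU=Open
Source/CN=ldap.example.test
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 0 (ok)
---
EOF
}

# Connecting by IP address: the chain verifies, but the name does not match the CN.
sample_output | summarize_s_client 10.0.0.5
```
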