
Re: Getting SSL/TSL to work




Just for the record, I solved the problem. It was a privileges problem: the 
directory where the certificate was had only execute privileges for the 
owner, which was root, rendering OpenLDAP's access impossible.
That was hard to guess from the error line:

main: TLS init def ctx failed: -1

but with a higher error reporting level, one would find this (among 1000s of 
other lines):

TLS: could not use key file `/etc/certificates/privkey.pem'.
TLS: error:0200100D:system library:fopen:Permission denied bss_file.c:278
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:280
TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib ssl_rsa.c:693
main: TLS init def ctx failed: -1

Thank you.

On Thursday, March 10, 2005 23:57, Pupeno wrote:
> Hello,
> This might be a bit off-topic since it may have more to do with openssl
> than with OpenLDAP. Using some scripts/commands provided by
> Apache/Gentoo I created certificates for my Apache server and https on
> Apache is working without problems.
> Now I'm trying to use that certificate for LDAP; I configured it this way:
>
> TLSCipherSuite HIGH:MEDIUM
> TLSCertificateFile /etc/certificates/server.crt
> TLSCertificateKeyFile /etc/certificates/server.key
>
> but when I start it I get the following messages:
>
> Mar 10 16:56:13 master slapd[6814]: daemon: socket() failed errno=97 (Address family not supported by protocol)
> Mar 10 16:56:13 master slapd[6814]: daemon: socket() failed errno=97 (Address family not supported by protocol)
> Mar 10 16:56:13 master slapd[6814]: sql_select option missing
> Mar 10 16:56:13 master slapd[6814]: auxpropfunc error no mechanism available
> Mar 10 16:56:13 master slapd[6814]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
> Mar 10 16:56:13 master slapd[6814]: bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002)
> Mar 10 16:56:13 master slapd[6814]: bdb_db_init: Initializing BDB database
> Mar 10 16:56:13 master slapd[6814]: main: TLS init def ctx failed: -1
> Mar 10 16:56:13 master slapd[6814]: slapd stopped.
> Mar 10 16:56:13 master slapd[6814]: connections_destroy: nothing to destroy.
>
> Can anybody give me some clue about what I am doing wrong? Is OpenLDAP
> wrongly configured, or are the certificates wrong?
>
> Thank you.
>

-- 
Pupeno: pupeno@pupeno.com - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar
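As an added example (not from the thread, nor OpenLDAP's own tooling), a POSIX shell check for the failure described above: it walks every ancestor directory of the key path and reports the first one the slapd service account cannot search, then checks that the file itself is readable. It assumes GNU stat (-c) and that the account name (e.g. ldap) exists locally; root is deliberately not special-cased, so the result reflects what an unprivileged slapd would see.

```shell
#!/bin/sh
# Added example, not from the thread: can the slapd account reach the key?
# The thread's "fopen: Permission denied" came from a directory on the path
# lacking the execute (search) bit for that user, not from the file itself.
# Assumes GNU stat (-c). Root is not special-cased on purpose.

# bit_set MODE MASK: true if any bit of MASK is set in octal MODE
bit_set() {
    [ $(( 0$1 & $2 )) -ne 0 ]
}

# user_has USER PATH r|x: test the owner/group/other class that applies to USER
user_has() {
    user=$1; path=$2; perm=$3
    info=$(stat -c '%a %U %G' "$path" 2>/dev/null) || return 1
    set -- $info
    mode=$1; owner=$2; group=$3
    case $perm in r) bits=0444 ;; x) bits=0111 ;; esac
    if [ "$owner" = "$user" ]; then
        bit_set "$mode" $(( bits & 0700 ))
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qx "$group"; then
        bit_set "$mode" $(( bits & 0070 ))
    else
        bit_set "$mode" $(( bits & 0007 ))
    fi
}

# check_key_access USER KEYFILE: every ancestor directory must be searchable
# and the file readable by USER; prints the first blocker, returns 1 on failure
check_key_access() {
    user=$1; key=$2
    p=$(dirname "$key")
    while :; do
        if ! user_has "$user" "$p" x; then
            echo "BLOCKED: $user cannot search directory $p"
            return 1
        fi
        if [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    if ! user_has "$user" "$key" r; then
        echo "BLOCKED: $user cannot read $key"
        return 1
    fi
    echo "OK: $user can reach $key"
}

# usage: sh check_key.sh ldap /etc/certificates/privkey.pem
if [ $# -eq 2 ]; then check_key_access "$1" "$2"; fi
```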