[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS not working for non-root user


I'm having a problem where clients cannot connect via TLS when openldap is 
started as the ldap user.  Everything works perfectly when started as 
root.  The errors I'm getting are:

from openssl:

openssl s_client -connect localhost:636 -showcerts -state
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
8330:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert 
handshake failure:s23_clnt.c:470:

from slapd:

daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS: can't accept.
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher 
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
daemon: removing 10

I've checked my permissions a thousand times and they're all set properly. 
 I'm using openldap 2.2.6, openssl 0.9.7d on a linux 2.6.5 kernel.

The problem I am having seems to have been encountered before here: 
however there was not a response to this persons query.