Re: SSL/TLS again
The problem was in the reverse host lookup. My ldap.example.com was
first an alias to another server, so the reverse host lookup was not
pointing to the FQDN of the certificate. With its own entry in the DNS
for ldap.example.com it works fine.
Linus Lund wrote:
I'm trying to get my SSL/TLS things to work with ldap, e.g. I'd like
ldapsearch -H ldaps://ldap.example.com to return entries. This command
works if I execute it on the same machine as the ldap server resides.
But not on another client!
First of all, my configuration:
ldap.conf (on both machines)
First I try to search on the "server-computer". This works fine, both
with -H ldaps://ldapserver and -ZZ. I also try to run openssl s_client
-connect ldap.example.com:636, this returns ok.
Then I move to the other computer.
Running openssl s_client -connect ldap.example.com:636 returns
10097:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
adding -ssl2 to the openssl command lines returns
Verify return code: 0 (ok)
Running ldapsearch -H ldaps://ldap.example.com returns
TLS trace: SSL_connect:SSLv3 flush data
tls_read: want=5, got=0
TLS trace: SSL_connect:failed in SSLv3 read finished A
TLS: can't connect.
I've also tried to run openssl s_server with the same certs as the
ldapserver uses on the "servercomputer", then I try to connect with
both ldapsearch and openssl s_client, both work fine!
What could make things go wrong here? I'm using exactly the same
configuration, ca-files on both machines. I have the same openssl
version on both machines. I have OpenLDAP 2.2.26 on both machines.
Any help would be much appreciated!
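A small check, added here and not part of the thread, that reproduces the failure mode the reply describes: the name the client connected to and the name the reverse (PTR) lookup returns are each matched against the certificate, so an alias whose PTR points at the canonical server shows up as the mismatch. The hostnames and the certificate dict are constructed; `live_diagnose` assumes only Python's standard `socket`/`ssl` modules and network access to the server.

```python
import socket
import ssl

def cert_dns_names(cert):
    """DNS names a certificate asserts: SAN dNSName entries plus the subject CN.
    `cert` is the dict shape returned by SSLSocket.getpeercert()."""
    names = {v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"}
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                names.add(value.lower())
    return names

def name_in_cert(hostname, cert_names):
    """Match a hostname against certificate names, allowing one leading wildcard label."""
    host = hostname.lower().rstrip(".")
    for pattern in cert_names:
        if pattern == host:
            return True
        if (pattern.startswith("*.") and host.count(".") == pattern.count(".")
                and host.endswith(pattern[1:])):
            return True
    return False

def diagnose(requested_host, ptr_name, cert_names):
    """Classify the situation from the thread: does the typed name match the
    certificate, and does the name from the reverse lookup match it too?"""
    requested_ok = name_in_cert(requested_host, cert_names)
    ptr_ok = ptr_name is not None and name_in_cert(ptr_name, cert_names)
    if requested_ok and ptr_ok:
        return "ok"
    if requested_ok:
        return "ptr-mismatch"        # the alias case: PTR names the canonical host
    if ptr_ok:
        return "requested-mismatch"  # typed an alias the certificate does not carry
    return "no-match"

def live_diagnose(host, port=636):
    """Resolve forward and reverse, fetch the peer certificate, run diagnose()."""
    ip = socket.gethostbyname(host)
    try:
        ptr_name = socket.gethostbyaddr(ip)[0]
    except socket.herror:
        ptr_name = None
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain still verified; name matching is done by diagnose()
    with socket.create_connection((ip, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return diagnose(host, ptr_name, cert_dns_names(cert))

# Constructed certificate dict mirroring the thread's setup (not a real certificate).
SAMPLE_CERT = {"subject": ((("commonName", "ldap.example.com"),),),
               "subjectAltName": (("DNS", "ldap.example.com"),)}
```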