
Re: Problem accessing via TLS



On Sun, 2006-04-02 at 12:55 -0700, Howard Chu wrote:
> Robert Fitzpatrick wrote:
> > I posted this a week or more ago, but had to leave town and not able to follow up.
> >   
> 
> Like I said in my last reply, show us the debug output from the failed 
> client. I.e., run the client with -d7. Posting the same information 
> twice is just wasting our time.
> 

Sorry, don't remember you mentioning the -d7 option, I guess 'man
ldapsearch' would have helped, huh. Anyway, I thought you were talking
about the debug log....

Running with the debug option, it is obvious the cert the command is
trying to use is not correct...

genoa# ldapsearch -xZZ -d7 -h directory.webtent.net -b "dc=webtent,dc=net" "(uid=robert)" mail
ldap_create
ldap_url_parse_ext(ldap://directory.webtent.net)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP directory.webtent.net:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 208.38.145.3:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 31 bytes to sd 3
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
ldap_write: want=31, written=31
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: directory.webtent.net  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Sun Apr  9 13:52:24 2006

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ldap_read: want=8, got=8
  0000:  30 0c 02 01 01 78 07 0a                            0....x..
ldap_read: want=6, got=6
  0000:  01 00 04 00 04 00                                  ......
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type extended-result msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_extended_result
ber_scanf fmt ({iaa) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree,
TLS: could not use key file `/home/robert/certs/webtent.org-key.pem'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:349
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:351
TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib ssl_rsa.c:648
ldap_perror
ldap_start_tls: Connect error (-11)
genoa#

The thing I cannot figure out is where it is getting this from, I have
checked /etc/ldap.conf, which is a symlink to /usr/local/etc/ldap.conf
and even my nss_ldap.conf. I did 'grep -r webtent.org-key.pem' on both
of these etc directories and nothing. There is no
folder /home/robert/certs at all. Where is this coming from?

--
Robert
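An added example, not part of the original post or of OpenLDAP. The debug trace above shows the StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037) completing with result code 0; the failure comes afterwards, when the client library tries to open its private key. That path is therefore coming from the client's own TLS configuration. Per ldap.conf(5), libldap reads the system-wide ldap.conf, then the file named by $LDAPCONF, then ldaprc and .ldaprc in the user's home directory, ldaprc in the current directory and the basename in $LDAPRC, and the environment variables LDAPTLS_KEY and LDAPTLS_CERT override the file settings; TLS_KEY and TLS_CERT are also user-only options, so a grep limited to the system etc directories can come up empty while a per-user file still sets them. The script below walks those sources and reports any TLS_KEY/TLS_CERT it finds. The default system path, the scratch home directory and the contents of the constructed ~/.ldaprc are assumptions made for the demonstration; the thread does not say where the poster's setting actually lives.

```shell
#!/bin/sh
# Added example, not from the original post or from OpenLDAP itself.
# Walks the configuration sources libldap consults (ldap.conf(5)) and reports
# where TLS_KEY / TLS_CERT are set, including the LDAPTLS_KEY / LDAPTLS_CERT
# environment overrides. The system-wide path is an assumption: pass your
# build's file as the first argument (the poster's is /usr/local/etc/ldap.conf).

# Print the candidate files that exist, in the order ldap.conf(5) describes:
# system ldap.conf, $LDAPCONF, $HOME/ldaprc, $HOME/.ldaprc, ./ldaprc, and the
# $LDAPRC basename looked up in $HOME and in the current directory.
ldap_conf_candidates() {
    sysconf="${1:-/etc/openldap/ldap.conf}"
    for f in "$sysconf" "${LDAPCONF:-}" "${HOME:-}/ldaprc" "${HOME:-}/.ldaprc" ./ldaprc \
             "${LDAPRC:+${HOME:-}/$LDAPRC}" "${LDAPRC:+./$LDAPRC}"; do
        if [ -n "$f" ] && [ -f "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Print "file:line:directive" for every TLS_KEY / TLS_CERT line in those files,
# then "env:NAME:value" for any environment override. Empty output means
# nothing in these sources sets a client key or certificate.
find_tls_settings() {
    ldap_conf_candidates "$@" | while read -r f; do
        grep -inE '^[[:space:]]*TLS_(KEY|CERT)[[:space:]]' "$f" | sed "s|^|$f:|"
    done
    if [ -n "${LDAPTLS_KEY:-}" ];  then printf 'env:LDAPTLS_KEY:%s\n'  "$LDAPTLS_KEY";  fi
    if [ -n "${LDAPTLS_CERT:-}" ]; then printf 'env:LDAPTLS_CERT:%s\n' "$LDAPTLS_CERT"; fi
}

# Constructed demonstration (hypothetical, not the poster's real setup): a
# scratch $HOME whose ~/.ldaprc sets TLS_KEY to the path from the error above,
# the kind of per-user file a grep of /etc never sees. Prints the hits and
# returns 0 only when the ~/.ldaprc line was located.
demo() {
    scratch=$(mktemp -d) || return 1
    printf 'BASE dc=webtent,dc=net\nTLS_KEY /home/robert/certs/webtent.org-key.pem\n' \
        > "$scratch/.ldaprc"
    # Subshell so the fake HOME and the cleared variables do not leak out.
    hits=$(cd "$scratch" && HOME="$scratch" && unset LDAPCONF LDAPRC LDAPTLS_KEY LDAPTLS_CERT \
           && find_tls_settings "$scratch/ldap.conf")
    rm -rf "$scratch"
    printf '%s\n' "$hits"
    printf '%s\n' "$hits" | grep -q '/\.ldaprc:2:TLS_KEY '
}

demo
```

Run it as the same user that runs ldapsearch, from the same working directory, since both ./ldaprc and $HOME are part of the lookup; if it prints nothing, also check whether LDAPNOINIT or a wrapper sets the variables before ldapsearch starts.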