[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch

Fabian Steiner wrote:
Howard Chu wrote:
Fabian Steiner wrote:
Of course, I don't want to hijack the OP's thread but as our problems
seem to be rather similar I can also provide the corresponding slapd log:
This looks like a simple configuration error; you have slapd configured to
require client certificates and the client didn't send one. Either you need
to configure the client with a certificate, or you need to relax the
requirement on the server.

In fact, this was also our first assumption after having analyzed the output for the very first time but due to our configuration this should't happen:

TLSCertificateFile      /etc/ssl-certs/ldap.crt
TLSCertificateKeyFile   /etc/ssl-certs/ldap.key
TLSCACertificateFile    /etc/ssl-certs/ca.crt
TLSVerifyClient never

Moreover, this wouldn't explain why it /does/ work for some time (as far as
our case is concerned it works as long as slapd isn't restarted). Once the
problem has occured the server has to be rebooted in order to ensure a
working setup again :-(

The fact that a reboot is required indicates that any problem is not in any user-level code. Maybe your /dev/random has run out of entropy, or some other underlying system resource is gone. Maybe strace would help here.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/