[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with ldaps:// when switching from 2.3 to 2.4



Mathias Gug <mathiaz@ubuntu.com> wrote on 11/12/2009 06:13:29 PM:

> Mathias Gug <mathiaz@ubuntu.com>

> 11/12/2009 06:13 PM
>
> To

>
> Tomasz Welman/Poland/IBM@IBMPL

>
> cc

>
> openldap-technical@openldap.org

>
> Subject

>
> Re: Problem with ldaps:// when switching from 2.3 to 2.4

>
> On Thu, Nov 12, 2009 at 09:17:12AM +0100, Tomasz Welman wrote:
> [...]
>
> > TLS: can't connect: Decryption has failed..
> > ldap_err2string
> > ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
> >
> >
> > The gnutls-cli I've launched 3 times and the error messages differ, look:
> >
> > [root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p
> > 636 bluepages.ibm.com
> > Processed 1 CA certificate(s).
> > Resolving 'bluepages.ibm.com'...
> > Connecting to '9.17.186.253:636'...
>
>
> > *** Fatal error: A TLS packet with unexpected length was received.
> > *** Handshake has failed
> > GNUTLS ERROR: A TLS packet with unexpected length was received.
>
>
> > [root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p
> > 636 bluepages.ibm.com
> > Processed 1 CA certificate(s).
> > Resolving 'bluepages.ibm.com'...
> > Connecting to '9.17.186.253:636'...
>
>
> > *** Fatal error: A TLS packet with unexpected length was received.
> > *** Handshake has failed
> > GNUTLS ERROR: A TLS packet with unexpected length was received.
>
>
> > [root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p
> > 636 bluepages.ibm.com
> > Processed 1 CA certificate(s).
> > Resolving 'bluepages.ibm.com'...
> > Connecting to '9.17.186.253:636'...
> > *** Fatal error: Decryption has failed.
> > *** Handshake has failed
> > GNUTLS ERROR: Decryption has failed.
> >
>
> Seems like there is an error with the gnutls library rather than openldap.
> Could you try to connect to the server with openssl s_client instead of
> gnutls-cli?
>

I did it in order to get this bp.cert. It's working perfectly.

What should I do now?


--
Tomasz 'Trog' Welman
Software Developer
external: 48-12-628-9449
ITN: 34819449
T/L: 9449

IBM SWG Lab, Krakow, Poland
IBM Polska Sp. z o.o. oddział w Krakowie
ul. Armii Krajowej 18 30 -150 Kraków
NIP: 526-030-07-24, KRS 0000012941
Kapitał zakładowy: 33.000.000 PLN