
tls key exchange



hi

I tried for quite a long time to get TLS/SSL encryption to work together
with OpenLDAP. But it didn't work. This is my configuration.

I went the normal way to generate the CA, the req and the cert.

CA.pl -newca
CA.pl -newcert
CA.pl -signcert
openssl rsa -in newreq.pem -out ldapkey.pem
cp newcert.pem ldapcert.pem
CA.pl verify ldapcert.pem (OK)

Generated a req and cert for the client (I don't know if it is a must):
CA.pl -newreq
CA.pl -signreq
openssl rsa -in newreq.pem -out clientkey.pem
cp newcert.pem clientcert.pem

Then I modified the /etc/openldap/slapd.conf:

TLS_Certificatefile /etc/openldap/ldapcert.pem
TLS_CertificateKeyfile /etc/openldap/ldapkey.pem
TLS_CACertificatefile /etc/openldap/certCA/cacert.pem

Then the /usr/local/etc/openldap/ldap.conf (can I get php to use
/etc/ldap.conf?)

TLS_cacert /etc/openldap/certCA/cacert.pem
TLS_reqcert allow

and last but not least the ~/.ldaprc

TLS_cert /etc/openldap/clientcert.pem
TLS_key /etc/openldap/clientkey.pem


That's all for the configuration. Everything runs on the same machine, with
OpenLDAP 2.2.13 on SuSE 9.0.

Now I tried to bind and read out some information over PHP. Without letting
PHP use SSL everything went fine. But with SSL I can't bind.

This is the Server output:

connection_get(12): got connid=0
connection_read(12): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_read(12): unable to get TLS client DN error=49 id=0
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 12 failed errno=0 (Success)
connection_read(12): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=12 for close
connection_close: conn=0 sd=12
TLS trace: SSL3 alert write:warning:close notify


I really hope you can help me. I'm desperate!

Best regards, Thomas

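As an added illustration (editor's example, not part of Thomas's post or of OpenLDAP itself), the following Python script triages a `slapd -d` TLS trace like the one quoted above. It extracts the handshake stages from the `TLS trace:` lines, picks out the `unable to get TLS client DN error=...` line, and notes whether the peer closed the session with a close_notify before sending any LDAP request. The sample input is a constructed, abridged copy of the trace in the post; the field names and the wording of the findings are this example's own choices, not slapd output.

```python
import re

# Constructed sample: an abridged copy of the slapd trace quoted in the post.
SAMPLE_TRACE = """\
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
connection_read(12): unable to get TLS client DN error=49 id=0
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 12 failed errno=0 (Success)
connection_read(12): input error=-2 id=0, closing.
"""

# "TLS trace: SSL_accept:<stage>" lines describe the server side of the handshake.
ACCEPT_RE = re.compile(r"^TLS trace: SSL_accept:(?P<stage>.+)$")
# slapd could not derive a DN from the client's certificate.
DN_ERR_RE = re.compile(
    r"connection_read\((?P<fd>\d+)\): unable to get TLS client DN error=(?P<err>\d+) id=(?P<id>\d+)"
)
# slapd gave up reading on the connection.
CLOSE_RE = re.compile(r"connection_read\((?P<fd>\d+)\): input error=(?P<err>-?\d+) id=(?P<id>\d+), closing")


def triage(trace: str) -> dict:
    """Summarise one TLS session from a slapd debug trace.

    Returns a dict of facts observed in the trace plus a list of
    human-readable findings derived only from those facts.
    """
    facts = {
        "server_cert_sent": False,      # server presented its own certificate
        "client_cert_read_events": 0,   # times SSL_accept paused at "read client certificate"
        "handshake_finished": False,    # server wrote its Finished message
        "client_dn_error": None,        # error code from "unable to get TLS client DN"
        "peer_close_notify": False,     # client sent a close_notify alert
        "closed_without_request": False,# slapd closed without reading an LDAP PDU
    }
    for line in trace.splitlines():
        m = ACCEPT_RE.match(line)
        if m:
            stage = m.group("stage")
            if "write certificate" in stage:
                facts["server_cert_sent"] = True
            elif stage.startswith("error in") and "read client certificate" in stage:
                facts["client_cert_read_events"] += 1
            elif "write finished" in stage:
                facts["handshake_finished"] = True
            continue
        m = DN_ERR_RE.search(line)
        if m:
            facts["client_dn_error"] = int(m.group("err"))
            continue
        if "alert read:warning:close notify" in line:
            facts["peer_close_notify"] = True
            continue
        if CLOSE_RE.search(line):
            facts["closed_without_request"] = True

    findings = []
    if facts["server_cert_sent"]:
        findings.append("server certificate and key loaded and sent (server-side TLS config is usable)")
    if facts["handshake_finished"]:
        findings.append("TLS handshake completed; the failure is after the handshake, not a cipher/protocol mismatch")
    if facts["client_dn_error"] is not None:
        findings.append(
            f"no usable client certificate in the session (DN lookup error={facts['client_dn_error']}): "
            "either none was presented or it could not be verified against TLSCACertificateFile"
        )
    if facts["peer_close_notify"] and facts["closed_without_request"]:
        findings.append("client closed the session cleanly before sending any LDAP request; check the client-side TLS verification settings and log")
    facts["findings"] = findings
    return facts


if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE)["findings"]:
        print("-", finding)
```

Run it against a saved trace with `triage(open("slapd.log").read())`; the findings deliberately stay at the level of what the trace proves, so that the next step (checking the client's CA path, certificate, and key) is chosen from evidence rather than guesswork.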