
Re: TLS negotiation failure





From:	Aaron Richton <richton@nbcs.rutgers.edu>
To:	espeake@oreillyauto.com
Cc:	openldap-technical@openldap.org
Date:	09/19/2013 10:13 AM
Subject:	Re: TLS negotiation failure



On Thu, 19 Sep 2013, espeake@oreillyauto.com wrote:

> We have a client server that is failing on the ssl handshake using TLS.
> The following is from the server log when the client is trying to
> connect.
>
> Sep 19 09:12:49 tntest-ldap-3 slapd[18796]: conn=3534 fd=28 ACCEPT from
> IP=172.17.1.10:55469 (IP=0.0.0.0:389)
> Sep 19 09:12:49 tntest-ldap-3 slapd[18796]: conn=3534 op=0 EXT
> oid=1.3.6.1.4.1.1466.20037
> Sep 19 09:12:49 tntest-ldap-3 slapd[18796]: conn=3534 op=0 STARTTLS
> Sep 19 09:12:49 tntest-ldap-3 slapd[18796]: conn=3534 op=0 RESULT oid=
> err=0 text=
> Sep 19 09:12:50 tntest-ldap-3 slapd[18796]: conn=3534 fd=28 closed (TLS
> negotiation failure)
>
The above information is from a connection when a server is running an
application that is trying to access the LDAP server.  And this is what the
logging is doing on the server.  I tried to change the logging level to
debug but my changes aren't going through.  I tried deleting the
olcLogLevel and then adding it back and tried a replace with no luck.

I also tried adding olcTLSCACertificatePath but none of my ldapmodifies
seem to be working.  I am on version 2.4.31 with a 3 node n-way multimaster
setup.


Try something like
https://groups.google.com/forum/#!topic/mailing.openssl.users/1OOwXp45iIw
if you'd like. Or OpenLDAP Software such as ldapsearch(1).

The above allowed me to connect and the connection was closed as soon as it
opened.

Thanks,
Eric
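Added example (not from the thread's participants): a small triage script that walks slapd connection log lines like the ones quoted above, correlates them by conn= id, and reports only the connections that sent STARTTLS and were then closed with "TLS negotiation failure". The sample log below is constructed to mirror the quoted lines plus one healthy connection for contrast.

```python
import re
from collections import defaultdict

# Constructed sample slapd log, modelled on the lines quoted in the thread.
# conn=3534 fails the TLS handshake; conn=3535 is a healthy StartTLS + BIND.
SAMPLE_LOG = """\
Sep 19 09:12:49 tntest-ldap-3 slapd[18796]: conn=3534 fd=28 ACCEPT from IP=172.17.1.10:55469 (IP=0.0.0.0:389)
Sep 19 09:12:49 tntest-ldap-3 slapd[18796]: conn=3534 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Sep 19 09:12:49 tntest-ldap-3 slapd[18796]: conn=3534 op=0 STARTTLS
Sep 19 09:12:49 tntest-ldap-3 slapd[18796]: conn=3534 op=0 RESULT oid= err=0 text=
Sep 19 09:12:50 tntest-ldap-3 slapd[18796]: conn=3534 fd=28 closed (TLS negotiation failure)
Sep 19 09:13:02 tntest-ldap-3 slapd[18796]: conn=3535 fd=29 ACCEPT from IP=172.17.1.11:40112 (IP=0.0.0.0:389)
Sep 19 09:13:02 tntest-ldap-3 slapd[18796]: conn=3535 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Sep 19 09:13:02 tntest-ldap-3 slapd[18796]: conn=3535 op=0 STARTTLS
Sep 19 09:13:02 tntest-ldap-3 slapd[18796]: conn=3535 op=0 RESULT oid= err=0 text=
Sep 19 09:13:02 tntest-ldap-3 slapd[18796]: conn=3535 op=1 BIND dn="cn=app,dc=example,dc=com" method=128
Sep 19 09:13:03 tntest-ldap-3 slapd[18796]: conn=3535 fd=29 closed
"""

# Every slapd connection line carries "conn=<id>"; the rest is the event text.
LINE_RE = re.compile(r"slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT_RE = re.compile(r"fd=\d+ ACCEPT from IP=(?P<ip>[\d.]+):(?P<port>\d+)")


def find_tls_failures(log_text):
    """Return (conn_id, client_ip) for each connection that issued STARTTLS
    and was then closed by slapd with 'TLS negotiation failure'.
    A connection whose StartTLS succeeded (later BIND, plain close) is skipped."""
    conns = defaultdict(lambda: {"ip": None, "starttls": False, "failed": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = conns[int(m.group("conn"))]
        rest = m.group("rest")
        accept = ACCEPT_RE.match(rest)
        if accept:
            rec["ip"] = accept.group("ip")
        elif rest.endswith(" STARTTLS"):
            rec["starttls"] = True
        elif rest.endswith("closed (TLS negotiation failure)"):
            rec["failed"] = True
    return [(cid, r["ip"]) for cid, r in sorted(conns.items())
            if r["starttls"] and r["failed"]]


if __name__ == "__main__":
    for cid, ip in find_tls_failures(SAMPLE_LOG):
        print(f"conn={cid} from {ip}: STARTTLS accepted, handshake failed")
```

Note that the RESULT err=0 on the extended operation only means slapd accepted the StartTLS request; the handshake itself failed afterwards, so the cause sits in the TLS layer (certificate, CA chain or cipher mismatch) and is best seen with a raised loglevel on the server or a client-side test such as ldapsearch -ZZ -d 1.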
