Hi.

I tested again with slapd V 2.2.15 (latest version on FreeBSD stable), with the same problem. I still have such entries in a netstat -an on the server:

tcp4 0 37 Server.636 Client.ephemeral LAST_ACK

One entry for each connection, and it will take some time before those entries are removed by slapd/system (and it will generate problems if I have lots of connections slapd).

As I couldn't update the client, I also tried an ldapsearch on another host, using V 2.2.15. I didn't find how to validate the server certificate with ldapsearch, so I couldn't reproduce the problem, but I had another one:

1 0.000000 Client Server TCP 3163 > ldaps [SYN] Seq=2798085305 Ack=0 Win=57344 Len=0
2 0.000030 Server Client TCP ldaps > 3163 [SYN, ACK] Seq=3986325738 Ack=2798085306 Win=57344 Len=0
3 0.000050 Client Server TCP 3163 > ldaps [ACK] Seq=2798085306 Ack=3986325739 Win=57408 Len=0
4 0.006459 Client Server SSLv2 Client Hello
5 0.009318 Server Client TLS Server Hello, Certificate, Server Hello Done
6 0.010183 Client Server TLS Alert (Level: Fatal, Description: Unknown CA)
7 0.011616 Server Client TCP ldaps > 3163 [FIN, ACK] Seq=3986326942 Ack=2798085455 Win=57401 Len=0
8 0.011649 Client Server TCP 3163 > ldaps [ACK] Seq=2798085455 Ack=3986326943 Win=57399 Len=0
9 1.411796 Client Server TCP 3163 > ldaps [FIN, ACK] Seq=2798085455 Ack=3986326943 Win=57408 Len=0
10 1.411828 Server Client TCP ldaps > 3163 [ACK] Seq=3986326943 Ack=2798085456 Win=57400 Len=0

Still have a strange ACK after the FIN, and if I do a netstat -an, I have an entry like that:

tcp4 0 0 Server.636 Client.3163 TIME_WAIT

Note that those entries will be removed quite fast.......

Yvan.