TLS Problems
I've compiled openldap-2.0.3 under Debian woody. The compile and the test
stage didn't report any problem.
I run the server as:
libexec/slapd -d 5 -h "ldaps:/// ldap:///"
with output:
@(#) $OpenLDAP: slapd 2.0.3-Release (Mon Sep 18 17:45:15 CEST 2000) $
root@woody:/root/openldap-2.0.3/servers/slapd
daemon_init: ldaps:/// ldap:///
daemon_init: listen on ldaps:///
daemon_init: listen on ldap:///
daemon_init: 2 listeners to open...
ldap_url_parse(ldaps:///)
daemon: socket() failed errno=22 (Invalid argument)
daemon: initialized ldaps:///
ldap_url_parse(ldap:///)
daemon: socket() failed errno=22 (Invalid argument)
daemon: initialized ldap:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slapd startup: initiated.
slapd starting
I have no clue why those two errno=22 appear, but it seems the server starts up
correctly.
I can perform searches at ldap://woody, but when I try to use the URI
ldaps:// it hangs. Here is the output of the client...
bin/ldapsearch -d 5 -H "ldaps://woody" "objectclass=*":
ldap_create
ldap_url_parse(ldaps://woody)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.0.0.36:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:error in SSLv2/v3 read server hello A
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server
additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
... and the server output:
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS: can't accept.
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:714
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
Why is this? Do I need to compile with some particular settings? (I did a configure
with --with-tls.)
Thank you for your help
--
Cristian Prevedello, System Administrator, Linuxcare Italia spa
+39.049.804.3.411 tel, +39.049.803.6.484 fax
plasma@linuxcare.it, http://www.linuxcare.com/
Linuxcare. Support for the revolution.