
TLS Problems



I've compiled openldap-2.0.3 under Debian woody. The compile and the test
stage didn't report any problem.
I run the server as:
libexec/slapd -d 5 -h "ldaps:/// ldap:///";

with output:

@(#) $OpenLDAP: slapd 2.0.3-Release (Mon Sep 18 17:45:15 CEST 2000) $
        root@woody:/root/openldap-2.0.3/servers/slapd
	daemon_init: ldaps:/// ldap:///
	daemon_init: listen on ldaps:///
	daemon_init: listen on ldap:///
	daemon_init: 2 listeners to open...
	ldap_url_parse(ldaps:///)
	daemon: socket() failed errno=22 (Invalid argument)
	daemon: initialized ldaps:///
	ldap_url_parse(ldap:///)
	daemon: socket() failed errno=22 (Invalid argument)
	daemon: initialized ldap:///
	daemon_init: 2 listeners opened
	slapd init: initiated server.
	slapd startup: initiated.
	slapd starting
	
I have no clue why those two errno=22 appear, but it seems the server starts up
correctly.
I can perform searches at ldap://woody, but when I try to use the URI
ldaps:// it hangs. Here is the output of the client...

bin/ldapsearch -d 5  -H "ldaps://woody" "objectclass=*":

ldap_create
ldap_url_parse(ldaps://woody)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.0.0.36:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:error in SSLv2/v3 read server hello A
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server
        additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

... and the server output:
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS: can't accept.
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
s3_srvr.c:714
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10

Why is this? Do I need to compile with some particular settings (I did a configure
with --with-tls)?

thank you for your help
-- 
Cristian Prevedello, System Administrator, Linuxcare Italia spa
+39.049.804.3.411 tel, +39.049.803.6.484 fax
plasma@linuxcare.it, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
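As an added example (not part of the original post or of OpenLDAP itself), here is a small Python decoder for the two OpenSSL error strings quoted above. OpenSSL of that era packs an error code as (library << 24) | (function << 12) | reason, and a reason code of 1000 or more means "a TLS alert received from the peer" (alert number = reason - 1000). Decoding shows that the client's 14077410 is reason 1040, i.e. it merely received alert 40 (handshake_failure), while the server's 1408A0C1 is reason 193 (SSL_R_NO_SHARED_CIPHER), raised locally in SSL3_GET_CLIENT_HELLO. Combined with the "alert write" versus "alert read" trace lines, this identifies the server as the side that decided to abort. The trace lines embedded below are the ones quoted in the post; the alert-name table, the function names and the result dictionary layout are this example's own.

```python
import re

# OpenSSL 0.9.x/1.0.x error packing: (lib << 24) | (func << 12) | reason.
# In the SSL library, reason codes >= 1000 are alerts received from the peer;
# the alert number is reason - 1000 (SSL_AD_REASON_OFFSET).
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000

# TLS alert descriptions (RFC 2246 / RFC 5246); only the common ones are listed.
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
    70: "protocol_version", 80: "internal_error",
}

ERROR_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.*)"
)
ALERT_TRACE_RE = re.compile(
    r"TLS trace: SSL3 alert (?P<dir>read|write):fatal:(?P<desc>.+)"
)

# Constructed sample input: the relevant lines from the client and server traces in the post.
CLIENT_TRACE = [
    "TLS trace: SSL_connect:SSLv2/v3 write client hello A",
    "TLS trace: SSL3 alert read:fatal:handshake failure",
    "TLS trace: SSL_connect:error in SSLv2/v3 read server hello A",
    "TLS: can't connect.",
    "additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure",
]
SERVER_TRACE = [
    "TLS trace: SSL_accept:before/accept initialization",
    "TLS trace: SSL3 alert write:fatal:handshake failure",
    "TLS trace: SSL_accept:error in SSLv3 read client hello B",
    "TLS: can't accept.",
    "TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher",
]


def parse_openssl_error(line):
    """Decode one 'error:XXXXXXXX:lib:func:reason' string into its packed fields.

    Returns None if the line carries no OpenSSL error string. If the reason is a
    peer alert, 'peer_alert' holds (alert_number, description)."""
    m = ERROR_RE.search(line)
    if not m:
        return None
    code = int(m.group("code"), 16)
    lib = code >> 24
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    info = {
        "lib": lib, "lib_name": m.group("lib"),
        "func": func, "func_name": m.group("func"),
        "reason": reason, "reason_text": m.group("reason").strip(),
        "peer_alert": None,
    }
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
        info["peer_alert"] = (alert, ALERT_DESCRIPTIONS.get(alert, "unknown"))
    return info


def locate_handshake_fault(client_trace, server_trace):
    """Find which side wrote the fatal alert; that side's own (non-alert) error is
    the root cause, while the other side only reports the alert it read."""
    result = {"origin": None, "alert": None, "root_error": None, "peer_error": None}
    sides = {"client": client_trace, "server": server_trace}
    for side, lines in sides.items():
        for line in lines:
            m = ALERT_TRACE_RE.search(line)
            if m and m.group("dir") == "write":
                result["origin"] = side
                result["alert"] = m.group("desc").strip()
    if result["origin"] is None:
        return result
    other = "client" if result["origin"] == "server" else "server"
    for line in sides[result["origin"]]:
        err = parse_openssl_error(line)
        if err:
            result["root_error"] = err
    for line in sides[other]:
        err = parse_openssl_error(line)
        if err:
            result["peer_error"] = err
    return result


def analyze_posted_traces():
    """Run the analysis over the traces quoted in the post."""
    return locate_handshake_fault(CLIENT_TRACE, SERVER_TRACE)


if __name__ == "__main__":
    verdict = analyze_posted_traces()
    print("fatal alert written by:", verdict["origin"], "->", verdict["alert"])
    print("root cause on that side:", verdict["root_error"]["func_name"],
          "reason", verdict["root_error"]["reason"], verdict["root_error"]["reason_text"])
    print("other side only saw alert:", verdict["peer_error"]["peer_alert"])
```

The practical reading: "no shared cipher" from SSL_accept means the server rejected every suite in the client hello before any certificate was exchanged. With slapd that is commonly because no TLSCertificateFile / TLSCertificateKeyFile pair is configured in slapd.conf (OpenSSL cannot offer RSA suites without a certificate and key to sign with), or because TLSCipherSuite narrows the list to something the client does not offer; configuring with --with-tls only builds the support in, it does not supply a certificate. Checking the server-side directives first is therefore the right order, whatever the client reports.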