[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS client certificate problem

To: Michael David <michael@newearth.org>
Subject: Re: TLS client certificate problem
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sat, 16 Sep 2000 19:30:25 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <Pine.LNX.4.21.0009151436480.19300-100000@sapphire.newearth .org>
References: <Pine.LNX.3.95.1000914213800.6117A-100000@bbs.ipass.net>

At 02:59 PM 9/15/00 -0400, Michael David wrote:
>I'm running openldap 2.0.3 under linux. The clients include
>netscape messenger on the same linux box, and netscape and
>outlook express under windows 2k.

I've been using Netscape 4.75 ldaps:// support without problems.

>All have been working and continue to work using plaintext
>ldap on port 389. Under a previous version of openldap
>(2.0.0), ldaps (tls) connection on port 636 also worked for
>all these clients. Now, under 2.0.3, seaching for a name
>from the OE address book, I see these debug messages;
>
>TLS trace: SSL_accept:SSLv3 write certificate A
>TLS trace: SSL_accept:SSLv3 write server done A
>tls_write: want=9, written=9
>        16 03 01 00 04 0e 00 00 00
>TLS trace: SSL_accept:SSLv3 flush data
>tls_read: want=5 error=Resource temporarily unavailable
>TLS trace: SSL_accept:error in SSLv3 read client certificate A
>TLS trace: SSL_accept:error in SSLv3 read client certificate A
>daemon: select: listen=6 active_threads=0 tvp=NULL
>daemon: select: listen=7 active_threads=0 tvp=NULL
>
>and OE reports that it can't connect.
>
>The results are the same whether or not OE has a client
>certificate. The other clients produce the same results.
>
>If anyone finds this informative, I'd be interested in
>learning what has stopped working.

What does "openssl s_client" say?

Follow-Ups:
- Re: TLS client certificate problem
  - From: Michael David <michael@newearth.org>

Prev by Date: RE: slapd.conf on NT
Next by Date: Re: Openldap 2.x but still no roaming profiles
Index(es):
- Chronological
- Thread