Re: TLS client certificate problem
- To: Michael David <michael@newearth.org>
- Subject: Re: TLS client certificate problem
- From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Date: Sat, 16 Sep 2000 19:30:25 -0700
- Cc: openldap-software@OpenLDAP.org
- In-reply-to: <Pine.LNX.4.21.0009151436480.19300-100000@sapphire.newearth.org>
- References: <Pine.LNX.3.95.1000914213800.6117A-100000@bbs.ipass.net>
At 02:59 PM 9/15/00 -0400, Michael David wrote:
>I'm running openldap 2.0.3 under linux. The clients include
>netscape messenger on the same linux box, and netscape and
>outlook express under windows 2k.
I've been using Netscape 4.75 ldaps:// support without problems.
>All have been working and continue to work using plaintext
>ldap on port 389. Under a previous version of openldap
>(2.0.0), ldaps (tls) connection on port 636 also worked for
>all these clients. Now, under 2.0.3, searching for a name
>from the OE address book, I see these debug messages;
>
>TLS trace: SSL_accept:SSLv3 write certificate A
>TLS trace: SSL_accept:SSLv3 write server done A
>tls_write: want=9, written=9
> 16 03 01 00 04 0e 00 00 00
>TLS trace: SSL_accept:SSLv3 flush data
>tls_read: want=5 error=Resource temporarily unavailable
>TLS trace: SSL_accept:error in SSLv3 read client certificate A
>TLS trace: SSL_accept:error in SSLv3 read client certificate A
>daemon: select: listen=6 active_threads=0 tvp=NULL
>daemon: select: listen=7 active_threads=0 tvp=NULL
>
>and OE reports that it can't connect.
>
>The results are the same whether or not OE has a client
>certificate. The other clients produce the same results.
>
>If anyone finds this informative, I'd be interested in
>learning what has stopped working.
What does "openssl s_client" say?
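
The 9 bytes on the `tls_write` line of the quoted trace are one plaintext TLS record, and decoding them shows what the server had sent just before the read failed. The decoder below is an added example, not part of the original thread or of OpenLDAP; the function names are hypothetical, and it assumes unencrypted records whose handshake messages are not split across records.

```python
import struct

# Content types and handshake message types as defined in RFC 2246.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {0: "hello_request", 1: "client_hello", 2: "server_hello",
                   11: "certificate", 12: "server_key_exchange",
                   13: "certificate_request", 14: "server_hello_done",
                   15: "certificate_verify", 16: "client_key_exchange",
                   20: "finished"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}


def parse_hex_dump(line):
    """Turn a trace hex line ('> 16 03 01 ...') into bytes, dropping quote marks."""
    return bytes.fromhex("".join(line.replace(">", "").split()))


def decode_records(data):
    """Decode plaintext TLS records and list the handshake messages in each."""
    records, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, pos)
        body = data[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        rec = {"type": CONTENT_TYPES.get(ctype, ctype),
               "version": VERSIONS.get((major, minor), (major, minor)),
               "length": length, "handshake": []}
        hpos = 0
        # Handshake header: 1-byte message type, 3-byte big-endian length.
        while ctype == 22 and hpos + 4 <= len(body):
            hlen = int.from_bytes(body[hpos + 1:hpos + 4], "big")
            rec["handshake"].append((HANDSHAKE_TYPES.get(body[hpos], body[hpos]), hlen))
            hpos += 4 + hlen
        records.append(rec)
        pos += 5 + length
    return records


# Bytes copied from the tls_write line in the quoted trace.
SAMPLE = "> 16 03 01 00 04 0e 00 00 00"

if __name__ == "__main__":
    for rec in decode_records(parse_hex_dump(SAMPLE)):
        print(rec)
```

The record decodes as a TLS 1.0 handshake record carrying an empty ServerHelloDone, which matches the "write server done" trace line directly above it.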