
Re: TLS client certificate problem



At 02:59 PM 9/15/00 -0400, Michael David wrote:
>I'm running openldap 2.0.3 under linux. The clients include
>netscape messenger on the same linux box, and netscape and
>outlook express under windows 2k.

I've been using Netscape 4.75 ldaps:// support without problems.

>All have been working and continue to work using plaintext
>ldap on port 389. Under a previous version of openldap
>(2.0.0), ldaps (tls) connection on port 636 also worked for
>all these clients. Now, under 2.0.3, searching for a name
>from the OE address book, I see these debug messages;
>
>TLS trace: SSL_accept:SSLv3 write certificate A
>TLS trace: SSL_accept:SSLv3 write server done A
>tls_write: want=9, written=9
>        16 03 01 00 04 0e 00 00 00
>TLS trace: SSL_accept:SSLv3 flush data
>tls_read: want=5 error=Resource temporarily unavailable
>TLS trace: SSL_accept:error in SSLv3 read client certificate A
>TLS trace: SSL_accept:error in SSLv3 read client certificate A
>daemon: select: listen=6 active_threads=0 tvp=NULL
>daemon: select: listen=7 active_threads=0 tvp=NULL
>
>and OE reports that it can't connect.
>
>The results are the same whether or not OE has a client
>certificate. The other clients produce the same results.
>
>If anyone finds this informative, I'd be interested in
>learning what has stopped working.

What does "openssl s_client" say?