ldapsearch / ldappasswd and SSL mode
Hi,
I'm having some trouble getting SSL mode working in OpenLDAP
2.0.7 (compiled on Red Hat 6.2, glibc 2.1.3, kernel 2.2.16,
OpenSSL 0.9.5a).
I can start the ldap server in debug mode using:
slapd -d 63 -h "ldap:/// ldaps:///"
I can get a connection to it using:
openssl s_client -connect localhost:636 -showcerts
(I don't know enough about the LDAP protocol at this point to
type any useful commands, but entering QUIT causes the connection
to close down successfully).
I can get a StartTLS search working using this:
ldapsearch -ZZ -x
... but the following command core dumps:
ldapsearch -H ldaps://localhost/ -x
... following the debug output of the slapd server, it appears that
the connection gets started OK, and almost completes OK. I see messages
like these (trimming out the hex dump scribble):
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=1024, written=1024
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
tls_read: want=5, got=5
TLS trace: SSL_accept:SSLv3 read client key exchange A
tls_read: want=5, got=5
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
tls_write: want=51, written=51
TLS trace: SSL_accept:SSLv3 flush data
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
tls_read: want=5, got=0
ldap_read: want=1, got=0
ber_get_next on fd 8 failed errno=0 (Success)
connection_read(8): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=8 for close
connection_close: conn=0 sd=8
daemon: removing 8
tls_write: want=29, written=29
TLS trace: SSL3 alert write:warning:close notify
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
... and at this point the client dies with no output.
Does anyone have any ideas as to whether this is likely to
be a client or a server problem? I don't seem to be able
to get any useful results out of the server using
"ldaps://localhost/..." with Netscape either ... should I
be able to?
----+------------------------+--------------------------
Del | mailto:del@babel.co.nz | Christchurch, New Zealand
----+------------------------+--------------------------
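A way to separate a client-side crash from a server-side fault is to send one real LDAP operation over the ldaps:// port without ldapsearch at all. openssl s_client proves the TLS handshake but gives no way to type a useful LDAP PDU; the script below does the next step: it opens a TLS session, sends an anonymous LDAPv3 simple BindRequest, decodes the BindResponse, then sends an UnbindRequest. If slapd answers the bind, the ldaps:// listener is doing its job and the problem is in the client. This is an added example, not code from the original post or from OpenLDAP. It assumes a slapd reachable at the given host on port 636 that speaks TLS 1.2 or later (a modern Python ssl module will not negotiate the SSLv3 handshake shown in the trace), and the verify=False switch is only for a lab server with a self-signed certificate. The hostname, port and sample DN are illustrative.

```python
"""LDAP-over-TLS probe: anonymous simple bind, then unbind (added example)."""
import socket
import ssl
import sys

# A few LDAP resultCode values from RFC 4511, for readable output.
RESULT_NAMES = {0: "success", 1: "operationsError", 2: "protocolError",
                7: "authMethodNotSupported", 8: "strongerAuthRequired",
                49: "invalidCredentials", 50: "insufficientAccessRights",
                53: "unwillingToPerform"}


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    """One BER element with a single-octet tag."""
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(value):
    """BER INTEGER in minimal two's-complement form."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return tlv(0x02, value.to_bytes(n, "big", signed=True))


def bind_request(msgid, dn=b"", password=b""):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] }.
    Empty dn and password make it an anonymous LDAPv3 simple bind."""
    body = ber_int(3) + tlv(0x04, dn) + tlv(0x80, password)  # version, name, simple [0]
    return tlv(0x30, ber_int(msgid) + tlv(0x60, body))


def unbind_request(msgid):
    """LDAPMessage { messageID, UnbindRequest [APPLICATION 2] NULL }."""
    return tlv(0x30, ber_int(msgid) + tlv(0x42, b""))


def read_tlv(buf, pos=0):
    """Decode one BER element at buf[pos]; return (tag, content, end offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end


def parse_bind_response(msg):
    """Decode LDAPMessage { messageID, BindResponse [APPLICATION 1] }."""
    tag, content, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage (tag 0x%02x)" % tag)
    tag, raw_id, pos = read_tlv(content)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    tag, op, _ = read_tlv(content, pos)
    if tag != 0x61:
        raise ValueError("expected BindResponse, got protocolOp tag 0x%02x" % tag)
    _, raw_code, pos = read_tlv(op)      # resultCode ENUMERATED
    _, matched, pos = read_tlv(op, pos)  # matchedDN
    _, error, _ = read_tlv(op, pos)      # errorMessage
    code = int.from_bytes(raw_code, "big", signed=True)
    return {"messageID": int.from_bytes(raw_id, "big", signed=True),
            "resultCode": code, "resultName": RESULT_NAMES.get(code, "other"),
            "matchedDN": matched.decode("utf-8"),
            "errorMessage": error.decode("utf-8")}


def recv_exact(sock, n):
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-message")
        data += chunk
    return data


def recv_message(sock):
    """Read exactly one BER element (one LDAPMessage) from a stream socket."""
    head = recv_exact(sock, 2)
    length = head[1]
    if length & 0x80:
        extra = recv_exact(sock, length & 0x7F)
        head, length = head + extra, int.from_bytes(extra, "big")
    return head + recv_exact(sock, length)


def ldaps_anonymous_bind(host="localhost", port=636, verify=True):
    """Bind anonymously over ldaps:// and return the decoded BindResponse."""
    ctx = ssl.create_default_context()
    if not verify:  # lab use only: accept a self-signed server certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(bind_request(1))
            result = parse_bind_response(recv_message(tls))
            tls.sendall(unbind_request(2))  # no reply is defined for Unbind
    return result


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(ldaps_anonymous_bind(target, verify=False))
```

Read against the slapd trace above: the server finishes the handshake and then gets 0 bytes on the next read before ber_get_next has received any PDU, so the client closed the session without sending a request. With this probe a healthy ldaps:// listener answers the bind with resultCode 0 (or 8, strongerAuthRequired, if anonymous binds are disallowed); a server that still closes before answering points back at slapd.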