stunnel(tls)/ldapsearch but no ldapsearch(tls)
Hello everybody!
Still struggling with ldapsearch, and I have just made an interesting
observation that I would like you to chew on:
I have the latest versions of openssl (compiled with rsaref and shared),
and openldap (compiled --with-tls --enable-shared).
My client machine has the following in ldap.conf (the important stuff)
host xyz:636
ssl yes
sslpath /etc/openldap/certs/cert7.db
my ldap server is being run with the following:
slapd -u ldap -h ldaps:/// -d 65535
now, from the client, if I try a standard ldapsearch, I get the following
error from the server:
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
0000: 30 0c 02 01 01 60 07 02 01 03 04 0....`.....
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
s23_srvr.c:565
connection_read(15): TLS accept error error=-1 id=21, closing
Now, if I turn on stunnel on the client with the following options:
stunnel -c -d 9636 -r xyz:636 -f
and set the host localhost:9636 in the client ldap.conf,
everything works just peachy!
On the client, both stunnel and openldap were compiled from source with
the same openssl libraries.
I can absolutely not figure this one out. Does openldap use the openssl
libraries in a different way than stunnel? If so, why am I seemingly the
only one with this ssl client unknown protocol error?
Does anybody have any advice here, other than just using stunnel on my
client machines?
Thanks in advance,
Andy
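A way to read the server trace quoted above, as an added example that is not part of the original post or of OpenLDAP: OpenSSL's "unknown protocol" error from SSL23_GET_CLIENT_HELLO means the first bytes the listener received did not look like any SSLv2/SSLv3/TLS hello. The script below pulls the bytes out of the `tls_read` hexdump and decodes them with the BER rules of the LDAP wire format (RFC 4511); `30 0c 02 01 01 60 07 02 01 03 04` turns out to be a cleartext LDAPv3 BindRequest, i.e. the client spoke plain LDAP to the ldaps port, which is exactly what an stunnel wrapper in front of it would hide. The trace sample is copied from the post; the tag table and classifier are my own.

```python
import re

# Constructed sample: the two trace lines from the "slapd -d 65535" output
# quoted in the post (the ASCII column at the end of the dump line is ignored).
SLAPD_TRACE = """tls_read: want=11, got=11
0000: 30 0c 02 01 01 60 07 02 01 03 04 0....`....."""

# A dump line: 4-digit offset, colon, then a run of two-digit hex bytes.
_HEX_LINE = re.compile(r"^[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2}(?:\s+|$))+)")

# LDAP protocol-op tags: [APPLICATION n] constructed = 0x60 | n (RFC 4511).
LDAP_OPS = {0x60: "BindRequest", 0x63: "SearchRequest", 0x77: "ExtendedRequest"}


def bytes_from_trace(trace: str) -> bytes:
    """Collect the hex bytes from every dump line of a slapd trace."""
    out = bytearray()
    for line in trace.splitlines():
        m = _HEX_LINE.match(line)
        if m:
            out.extend(int(h, 16) for h in m.group(1).split())
    return bytes(out)


def classify_first_bytes(data: bytes) -> str:
    """Say which protocol the first bytes seen on a TLS listener look like."""
    if len(data) < 3:
        return "too-short"
    if data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake-record"   # record type 22 (handshake), version 3.x
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"     # 2-byte length with high bit set, msg type 1
    if data[0] == 0x30:
        return "ber-sequence"           # ASN.1 SEQUENCE: every LDAPMessage starts so
    return "unknown"


def _tlv(data: bytes, pos: int):
    """Decode one BER tag and definite length; return (tag, length, value_offset)."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:                   # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, length, pos


def decode_ldap_prefix(data: bytes) -> dict:
    """Decode the start of a cleartext LDAPMessage: ID, operation, bind version."""
    tag, length, pos = _tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    info = {"pdu_length": pos + length}
    tag, length, pos = _tlv(data, pos)
    if tag != 0x02:
        raise ValueError("messageID INTEGER expected")
    info["message_id"] = int.from_bytes(data[pos:pos + length], "big")
    pos += length
    tag, length, pos = _tlv(data, pos)
    info["operation"] = LDAP_OPS.get(tag, "tag 0x%02x" % tag)
    if tag == 0x60:                     # BindRequest begins with the INTEGER version
        tag, length, pos = _tlv(data, pos)
        info["ldap_version"] = int.from_bytes(data[pos:pos + length], "big")
    return info


def diagnose(trace: str) -> dict:
    """Classify a slapd tls_read dump and, if it is plain LDAP, decode its head."""
    data = bytes_from_trace(trace)
    result = {"kind": classify_first_bytes(data), "captured": len(data)}
    if result["kind"] == "ber-sequence":
        result.update(decode_ldap_prefix(data))
    return result


if __name__ == "__main__":
    print(diagnose(SLAPD_TRACE))
```

Running it on the quoted trace reports a BER SEQUENCE with messageID 1, a BindRequest and LDAP version 3, with only 11 of the 14 PDU bytes captured before slapd gave up. Worth checking against ldap.conf(5): OpenLDAP's own client configuration selects the TLS listener with a `URI ldaps://xyz:636` line and trust settings such as `TLS_CACERT`, whereas the `ssl yes` / `sslpath` keywords belong to the PADL nss_ldap/pam_ldap configuration and do not make libldap start a TLS handshake.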