
Re: TLS on W2K



At 02:20 PM 2001-08-28, Geert Van Muylem wrote:
>Dear All,
>
>Why do I get the following error (0x52)?
>(Platform: Client = W2K, Server = Linux)
>
>START_TLS [Local error][0x52]...
>ldap_start_tls: Success

Local error is a client-side error.  Try running the
client with -v -d -1 to get additional information.


>=> Debug output from Server:
>connection_get(10): got connid=0
>connection_read(10): checking for input on id=0
>ber_get_next
>ber_get_next: tag 0x30 len 29 contents:
>do_extended
>ber_scanf fmt ({a) ber:
>ber_get_next
>ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
>send_ldap_extended 0: (0)
>send_ldap_response: msgid=1 tag=120 err=0
>ber_flush: 14 bytes to sd 10
>connection_get(10): got connid=0
>connection_read(10): checking for input on id=0
>TLS trace: SSL_accept:before/accept initialization
>TLS trace: SSL_accept:SSLv3 read client hello A
>TLS trace: SSL_accept:SSLv3 write server hello A
>TLS trace: SSL_accept:SSLv3 write certificate A
>TLS trace: SSL_accept:SSLv3 write server done A
>TLS trace: SSL_accept:SSLv3 flush data
>TLS trace: SSL_accept:error in SSLv3 read client certificate A
>TLS trace: SSL_accept:error in SSLv3 read client certificate A
>connection_get(10): got connid=0
>connection_read(10): checking for input on id=0
>TLS trace: SSL_accept:SSLv3 read client key exchange A
>TLS trace: SSL_accept:SSLv3 read finished A
>TLS trace: SSL_accept:SSLv3 write change cipher spec A
>TLS trace: SSL_accept:SSLv3 write finished A
>TLS trace: SSL_accept:SSLv3 flush data
>connection_get(10): got connid=0
>connection_read(10): checking for input on id=0
>ber_get_next
>ber_get_next on fd 10 failed errno=104 (Connection reset by peer)
>connection_read(10): input error=-2 id=0, closing.
>connection_closing: readying conn=0 sd=10 for close
>connection_close: conn=0 sd=10
>
>=> Server slapd.conf
>#Enable TLS/SSL
>TLSCertificateFile      /home/gvm/CA/users/ldapcert.pem
>TLSCertificateKeyFile   /home/gvm/CA/users/ldap.pem
>TLSCACertificateFile    /home/gvm/CA/cacert.pem
>
>
>=> Client code
>   #include <stdio.h>
>   #include <ldap.h>
>   #include <ldap_pvt.h>   /* private libldap header (OpenLDAP source tree); declares ldap_pvt_tls_set_option() */
>
>   int main(void)
>   {
>      LDAP *ld;
>      int rc;
>      int version = LDAP_VERSION3;   /* StartTLS is an LDAPv3 extended operation */
>
>      printf ("INIT...\n");
>      ld = ldap_init("192.168.0.49", 389);
>      if( ld == NULL )
>      {
>         printf ("Init Error...\n");
>         return(1);
>      }
>
>      if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS )
>      {
>         fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
>         return 1;
>      }
>
>      /* Seed file for the TLS library's PRNG; the public equivalent is
>         ldap_set_option( NULL, LDAP_OPT_X_TLS_RANDOM_FILE, "FILE.RND" ). */
>      rc = ldap_pvt_tls_set_option(NULL, LDAP_OPT_X_TLS_RANDOM_FILE, "FILE.RND");
>      if ( rc != LDAP_SUCCESS )
>      {
>         fprintf( stderr, "Error Setting option [%d]...\n", rc);
>      }
>
>      /* Send the StartTLS extended operation and run the TLS handshake. */
>      if ( (rc = ldap_start_tls_s( ld, NULL, NULL )) != LDAP_SUCCESS )
>      {
>         fprintf( stderr, "START_TLS [%s][0x%02X]...\n", ldap_err2string(rc), rc);
>         ldap_perror( ld, "ldap_start_tls");
>      }
>
>      ldap_unbind_s( ld );
>      return(0);
>   }
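As an added example (not code from this thread or from OpenLDAP), here is the StartTLS exchange seen in the server log above done by hand in Python: the request slapd logs as "tag 0x30 len 29", the 14-byte ExtendedResponse it logs as "tag=120 err=0", and the point where the client must verify the server certificate against a CA it trusts. The socket, cafile and hostname passed to start_tls are assumptions; the sample response bytes are constructed.

```python
import ssl

START_TLS_OID = b"1.3.6.1.4.1.1466.20037"   # StartTLS extended operation (RFC 2830)
# Constructed sample: the 14-byte success response slapd logs as
# "send_ldap_response: msgid=1 tag=120 err=0" / "ber_flush: 14 bytes".
SAMPLE_RESPONSE = bytes.fromhex("300c02010178070a010004000400")

def ber_len(n):
    """BER length: short form below 128, long form (0x80|count, big-endian bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content

def build_start_tls_request(msgid=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext_req = tlv(0x77, tlv(0x80, START_TLS_OID))         # 0x77 = constructed APPLICATION 23
    return tlv(0x30, tlv(0x02, bytes([msgid])) + ext_req)  # SEQUENCE with 29 bytes of contents

def read_tlv(buf, pos):
    """Return (tag, contents, next_pos) for the TLV starting at buf[pos]."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                          # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def parse_extended_response(msg):
    """Decode ExtendedResponse [APPLICATION 24] (tag 0x78 = 120) -> (msgid, resultCode, errorMessage)."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(body, 0)
    tag, resp, _ = read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("unexpected protocolOp tag 0x%02x" % tag)
    _, code, pos = read_tlv(resp, 0)        # resultCode ENUMERATED
    _, _matched, pos = read_tlv(resp, pos)  # matchedDN (empty here)
    _, errmsg, _ = read_tlv(resp, pos)      # errorMessage (empty here)
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), errmsg.decode()

def start_tls(sock, cafile, server_hostname):
    """StartTLS on a plaintext LDAP socket, then wrap it verifying the server cert against cafile."""
    sock.sendall(build_start_tls_request())
    _, code, err = parse_extended_response(sock.recv(4096))  # one short message; no reassembly
    if code != 0:
        raise RuntimeError("StartTLS refused: resultCode=%d %s" % (code, err))
    ctx = ssl.create_default_context(cafile=cafile)          # verifies chain and hostname
    return ctx.wrap_socket(sock, server_hostname=server_hostname)
```

Only after the "err=0" response does the TLS handshake start, so a client that then tears the connection down (the "Connection reset by peer" in the log) is failing in its own TLS step, which is exactly what the client-side debug output the reply recommends will show.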