
Java, SSL and Openldap



Hello,

I am trying to set up a Java (Sun JDK) app that connects to an OpenLDAP
server through an SSL connection. I have managed to set up the server
correctly and I can connect to it through ldapsearch -h "ldaps://". I have
also managed to connect from the app to the server through a non-SSL
connection. But when I try to connect through SSL everything seems to
fail. I have been searching for docs for hours, but it didn't help me
at all, so I hope that there may be somebody on the mailing list who can
help me. I get the following Exception:

Exception in thread "main" javax.naming.CommunicationException: simple
bind failed: localhost:636.  Root exception is
javax.net.ssl.SSLHandshakeException: Signature does not match.
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA1275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA1275)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA1275)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA1275)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA1275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA1275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA1275)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA1275)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
        at java.io.BufferedInputStream.read1(BufferedInputStream.java:225)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:280)
        at com.sun.jndi.ldap.Connection.run(Connection.java:770)
        at java.lang.Thread.run(Thread.java:539)

The debug output of slapd is:

bart:/usr/local/libexec# ./slapd -h "ldaps://" -d 9
@(#) $OpenLDAP: slapd 2.0.11-Release (Mon Aug 13 16:09:02 CEST 2001) $
        bart@bart:/tmp/openldap-2.0.11/servers/slapd
daemon_init: listen on ldaps://
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldaps://)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldaps://
daemon_init: 1 listeners opened
slapd init: initiated server.
slapd startup: initiated.
slapd starting
daemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 9
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL3 alert read:fatal:certificate unknown
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown s3_pkt.c:964
connection_read(9): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=9 for close
connection_close: conn=0 sd=9
daemon: removing 9
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL

Does anybody have an idea what is wrong?

Bart v.d. Garde
IC&S
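
Added example, not part of the original message and not code from the poster or from OpenLDAP. Two things in the trace above narrow the problem down. First, slapd sends its certificate ("write certificate A") and the next thing it reads is a fatal "certificate unknown" alert, so it is the Java client that rejects the server certificate; the "socket() failed errno=97" line is only the IPv6 listener failing to open and is harmless here, since the ldaps:// listener is reported as opened. Second, JSSE's "Signature does not match" is raised when the signature on a certificate does not verify with the public key of the certificate JSSE treats as its issuer, which is what happens when the truststore holds a different CA certificate than the one that actually signed slapd's certificate (a regenerated CA, or the server certificate imported where the CA should be). The diagnostic below checks exactly that before attempting the JNDI bind. It assumes a JKS/PKCS12 truststore at /usr/local/etc/openldap/ldap-ca.jks with password changeit, a server on localhost:636, the bind DN cn=Manager,dc=example,dc=com and the password secret, all of which are placeholders, and it uses current Java (7 or later) rather than the Sun JDK of the post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.List;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class LdapsTrustCheck {
    // Assumed values (placeholders): point these at the real truststore and server.
    static final String TRUSTSTORE = "/usr/local/etc/openldap/ldap-ca.jks";
    static final String TRUSTSTORE_PW = "changeit";
    static final String HOST = "localhost";
    static final int PORT = 636;

    public static void main(String[] args) throws Exception {
        List<X509Certificate> anchors = loadAnchors();
        X509Certificate[] chain = fetchServerChain();
        System.out.println("server presented " + chain.length + " certificate(s):");
        for (X509Certificate c : chain) {
            System.out.println("  subject=" + c.getSubjectX500Principal()
                    + "  issuer=" + c.getIssuerX500Principal());
        }
        // The last element is the top of the chain slapd sent (the leaf itself if it sent only one).
        X509Certificate signer = findSigner(chain[chain.length - 1], anchors);
        if (signer == null) {
            System.out.println("no certificate in " + TRUSTSTORE + " verifies the server chain;"
                    + " import the CA certificate that actually signed it"
                    + " (keytool -importcert -trustcacerts -alias ldap-ca -file ca.pem -keystore "
                    + TRUSTSTORE + ")");
            return;
        }
        System.out.println("server chain verifies under trusted CA: " + signer.getSubjectX500Principal());
        bindOverSsl();
    }

    // Every certificate entry in the truststore, i.e. what JSSE will accept as a trust anchor.
    static List<X509Certificate> loadAnchors() throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(TRUSTSTORE)) {
            ks.load(in, TRUSTSTORE_PW.toCharArray());
        }
        List<X509Certificate> anchors = new ArrayList<>();
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            Certificate c = ks.getCertificate(e.nextElement());
            if (c instanceof X509Certificate) anchors.add((X509Certificate) c);
        }
        return anchors;
    }

    // Diagnostic only: records the chain the server sends without trusting anything.
    // Never use a trust manager like this for the real bind.
    static X509Certificate[] fetchServerChain() throws Exception {
        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            public void checkServerTrusted(X509Certificate[] chain, String authType) { seen[0] = chain; }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(HOST, PORT)) {
            s.startHandshake();
        }
        return seen[0];
    }

    // Returns the anchor whose public key verifies cert's signature, or null if none does.
    // A self-signed server certificate imported directly into the truststore also passes here.
    static X509Certificate findSigner(X509Certificate cert, List<X509Certificate> anchors) {
        for (X509Certificate ca : anchors) {
            try {
                cert.verify(ca.getPublicKey()); // throws SignatureException on a key mismatch
                return ca;
            } catch (GeneralSecurityException ex) {
                // not the CA that signed this certificate; keep looking
            }
        }
        return null;
    }

    // The real connection: an ldaps:// provider URL makes the Sun LDAP provider use SSL,
    // validating slapd's certificate against the truststore named in the system properties.
    static void bindOverSsl() throws NamingException {
        System.setProperty("javax.net.ssl.trustStore", TRUSTSTORE);
        System.setProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PW);
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + HOST + ":" + PORT);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=example,dc=com"); // assumed bind DN
        env.put(Context.SECURITY_CREDENTIALS, "secret"); // assumed; load from configuration in real code
        try {
            DirContext ctx = new InitialDirContext(env);
            System.out.println("simple bind over ldaps succeeded");
            ctx.close();
        } catch (CommunicationException e) {
            // JNDI wraps the JSSE failure; the root cause carries the TLS-level reason.
            System.out.println("bind failed: " + e.getMessage() + "  root cause: " + e.getRootCause());
            throw e;
        }
    }
}
```

If findSigner reports no match, the fix is on the client side: export the CA certificate slapd's TLSCertificateFile was issued under (or the server certificate itself, if it is self-signed) and import that into the truststore, then re-run. Two caveats for practitioners reading this today: JDKs from 8u181 onward also verify that the certificate's subject or subjectAltName matches the host in the provider URL, so a certificate issued to the machine's FQDN will fail when the URL says localhost; and the recorder trust manager in fetchServerChain exists only to show what the server sent and must never be wired into the context used for the bind.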