
ldapsearch and TLS



Hello all, I have successfully installed OpenLDAP 2.0.12 on my
system. For some reason, when I try to configure the TLS portion of it and
attempt to do an ldapsearch, i.e.

ldapsearch -Z -H ldaps://localhost -b "dc=test,dc=testing,dc=com"
"objectclass=*" -x

I get the error
ldap_start_tls: Can't contact LDAP server
ldap_bind: Can't contact LDAP server

I am using a self-signed certificate.

I see that port 636 is open, but it seems like I am having trouble binding.

This is one of the logs concerning SSL:

tls_read: want=5, got=5
  0000:  16 03 01 00 86                                     .....
tls_read: want=134, got=134
  0000:  10 00 00 82 00 80 25 d6  1d 90 54 7c be 93 06 d1   ......%...T|....
  0010:  1a d0 96 7a 5a ef 92 16  ef d1 cc 7c 0c 7d 02 b6   ...zZ......|.}..
  0020:  f3 74 a7 0a a7 8b 1a 11  4c ab 4c 21 7a 25 68 4b   .t......L.L!z%hK
  0030:  27 fd d2 39 e9 7c 3f d0  8c 13 e1 c7 84 47 7a 3d   '..9.|?......Gz=
  0040:  e4 65 27 5c f8 dd 6b 1b  ec f0 8d ba 28 99 2d 04   .e'\..k.....(.-.
  0050:  fb 99 f1 99 ae 2d 7b c6  b1 6c da c7 f8 8e 58 fc   .....-{..l....X.
  0060:  da 47 bf f5 6d 35 29 91  9c 10 e6 33 b7 cf 5d ea   .G..m5)....3..].
  0070:  c8 6e ed a6 a2 73 93 26  13 56 66 c8 57 66 6b 22   .n...s.&.Vf.Wfk"
  0080:  11 da bf 8e 4e 2f                                  ....N/
TLS trace: SSL_accept:SSLv3 read client key exchange A
tls_read: want=5, got=5
  0000:  14 03 01 00 01                                     .....
tls_read: want=1, got=1
  0000:  01                                                 .
tls_read: want=5, got=5
  0000:  16 03 01 00 28                                     ....(
tls_read: want=40, got=40
  0000:  c9 f3 62 cc d1 df 65 7e  ae ef ed 3b ee 12 69 26   ..b...e~...;..i&
  0010:  34 f9 5d 41 eb 03 86 58  d4 e7 fc de 98 f9 0c 7b   4.]A...X.......{
  0020:  66 ac b0 bf 43 68 f3 d1                            f...Ch..
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
tls_write: want=51, written=51
  0000:  14 03 01 00 01 01 16 03  01 00 28 99 26 c0 c8 54   ..........(.&..T
  0010:  7e 01 c3 c1 e2 1a 0b 0e  d2 82 96 5a 28 b3 b7 78   ~..........Z(..x
  0020:  1d d5 fb 54 39 2a 8b 08  68 f2 6c 1b 3d 83 d3 21   ...T9*..h.l.=..!
  0030:  e1 97 4f                                           ..O
TLS trace: SSL_accept:SSLv3 flush data
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=2
connection_read(10): checking for input on id=2
ber_get_next
tls_read: want=5, got=0

ldap_read: want=1, got=0

ber_get_next on fd 10 failed errno=0 (Success)
connection_read(10): input error=-2 id=2, closing.
connection_closing: readying conn=2 sd=10 for close
connection_close: conn=2 sd=10
daemon: removing 10
conn=-1 fd=10 closed
tls_write: want=29, written=29
  0000:  15 03 01 00 18 2c 99 43  26 bc 22 7a ac 1c d4 b2   .....,.C&."z....
  0010:  cd e7 66 17 8f a8 45 2a  cd 05 01 21 d3            ..f...E*...!.
TLS trace: SSL3 alert write:warning:close notify
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL


I verified that the certificate is OK with openssl s_client.

So I am kind of stumped; any ideas?


Craig Hancock