[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
FW: LDAP and TLS
Hi,
Found what the problem was...
I used the IP-address in the ldap_init(): ld = ldap_init("127.0.0.1",
389);
The ldap_int_tls_start() compares the host with the names in the
certificates:
So it compares "127.0.0.1" with "apollo" (as part of cn=...) which does not
matsch
eventough the name of my localhost is apollo!
So I changed my init to:
ld = ldap_init("apollo", 389); and everything works fine!!!!
Hope this helps some other people who are trying to do the same...
Regards,
Geert
BTW: Does anyone has the DLL versions of the OpenLDAP libraries (WIN32)
or libs which can be used with BCPP?
-----Original Message-----
From: Geert Van Muylem [mailto:Geert.Van.Muylem@SKYNET.BE]
Sent: woensdag 27 februari 2002 13:32
To: LDAP Mailing List
Subject: LDAP and TLS
Hi all,
I'm testing OpenLDAP 2.0.23 and TLS on W2K...
The client and server are running on the same PC
These are the entries in my slapd.conf:
TLSCertificateFile d:\\OpenLDAP\\KEYS\\ld3_cert.pem
TLSCertificateKeyFile d:\\OpenLDAP\\KEYS\\ld3_sk.pem
TLSCACertificateFile d:\\OpenLDAP\\KEYS\\cacert.pem
I'm getting a connect-error (0x5b) when executing ldap_start_tls_s(...)
The DN of my server certificate: CN=apollo, c=BE
Windows 2000 IP Configuration:
Host Name . . . . . . . . . . . . : apollo
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
Can someone tell me what's going wrong?
Thanks,
Geert
C:\OpenLDAP>slapd -d 1 -h "ldap:/// ldaps:///"
starting slapd...
OpenLDAP -devel Standalone LDAP Server (slapd)daemon_init: listen on
ldap:///
daemon_init: listen on ldaps:///
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: initialized ldap:///
ldap_url_parse_ext(ldaps:///)
daemon: initialized ldaps:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
Enter PEM pass phrase:
slapd startup: initiated.
slapd starting
connection_get(676): got connid=0
connection_read(676): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
do_extended
ber_get_next on fd 676 failed errno=10035 (WSAEWOULDBLOCK)
ber_scanf fmt ({a) ber:
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 676
connection_get(676): got connid=0
connection_read(676): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(676): got connid=0
connection_read(676): checking for input on id=0
ber_get_next
ber_get_next on fd 676 failed errno=10054 (WSAECONNRESET)
connection_read(676): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=676 for close
connection_close: conn=0 sd=676