Re: Microsoft Outlook and OpenLDAP (over SSL)

I realized that I made a dumb mistake and forgot to put the locations of
the TLS cert files in slapd.conf, so I added

# TLS Config
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/certs/ldapcert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/certs/ldapkey.pem
TLSCACertificateFile /usr/local/etc/openldap/certs/demoCA/cacert.pem
TLSVerifyClient 0

However, now I'm getting the following errors. Anyone have any
suggestions?

Thanks
Amith Varghese

TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=87, written=87
0000: 52 cd 2d d6 69 52 1b 04 33 08 41 a3 ee 76 d4 77
R.-.iR..3.A..v.w
0010: 33 70 a0 34 1d 25 3c da 80 90 e5 b4 94 dd 95 57
3p.4.%<........W
0020: 1a d9 a0 82 3e 0c 8e 83 f2 99 13 2d 3c fb 05 a6
....>......-<...
0030: 4d 64 58 60 6a 3c 9b 91 9c 4d 12 a0 7f b4 83 87
MdX`j<...M......
0040: ed 43 30 5d 57 c0 80 60 a1 1f e4 47 6f 3e 16 03
.C0]W..`...Go>..
0050: 01 00 04 0e 00 00 00
.......
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
tls_read: want=5, got=0
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
daemon: removing 10
conn=-1 fd=10 closed
On Sat, 2002-04-13 at 16:37, Amith Varghese wrote:
> I am trying to connect to my address book ($OpenLDAP: slapd
> 2.0.23-Release) with Microsoft Outlook. If I connect on 389 everything
> works fine. If I try to connect with SSL enabled (port 636) the
> connection fails. I start OpenLDAP up using
>
> /usr/local/libexec/slapd -h "ldap:/// ldaps:///"
>
> The following is information from turning debugging on. If anyone could
> let me know why the SSL handshake is failing I would appreciate it.
>
> Thanks
> Amith Varghese
>
> ______________________________________________________________________
>
> connection_get(10): got connid=3
> connection_read(10): checking for input on id=3
> TLS trace: SSL_accept:before/accept initialization
> tls_read: want=11, got=11
> 0000: 80 6a 01 03 01 00 51 00 00 00 10
> .j....Q....
> tls_read: want=97, got=97
> 0000: 8f 80 01 80 00 03 80 00 01 81 00 01 81 00 03 82
> ................
> 0010: 00 01 00 00 04 00 00 05 00 00 0a 83 00 04 84 80
> ................
> 0020: 40 01 00 80 07 00 c0 03 00 80 00 00 09 06 00 40
> @..............@
> 0030: 00 00 64 00 00 62 00 00 03 00 00 06 83 00 04 84
> ..d..b..........
> 0040: 28 40 02 00 80 04 00 80 00 00 13 00 00 12 00 00
> (@..............
> 0050: 63 61 c8 dc af 5c 2f cb b7 d9 01 53 34 16 4a 4d
> ca...\/....S4.JM
> 0060: d0
> .
> tls_write: want=7, written=7
> 0000: 15 03 01 00 02 02 28
> ......(
> TLS trace: SSL3 alert write:fatal:handshake failure
> TLS trace: SSL_accept:error in SSLv3 read client hello B
> TLS trace: SSL_accept:error in SSLv3 read client hello B
> TLS: can't accept.
> TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
> s3_srvr.c:769
> connection_read(10): TLS accept error error=-1 id=3, closing
> connection_closing: readying conn=3 sd=10 for close
>
>
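
Added example (not part of the original message and not OpenLDAP code): a decoder for two hex dumps in the quoted trace, the SSLv2-compatible ClientHello that slapd read in an 11-byte and a 97-byte piece and the 7-byte alert it wrote back, showing what the client offered before "no shared cipher". Function names are hypothetical; suite names are taken from RFC 2246.

```python
import struct

# Bytes copied from the hex dumps in the quoted slapd trace.
HELLO_HEADER = bytes.fromhex("806a010301005100000010")   # tls_read: want=11
HELLO_BODY = bytes.fromhex(                              # tls_read: want=97
    "8f800180000380000181000181000382"
    "000100000400000500000a8300048480"
    "400100800700c0030080000009060040"
    "00006400006200000300000683000484"
    "28400200800400800000130000120000"
    "6361c8dcaf5c2fcbb7d9015334164a4d"
    "d0")
ALERT_RECORD = bytes.fromhex("15030100020228")           # tls_write: want=7

# Suite names from RFC 2246; codes not listed here are reported as hex.
SUITES = {0x0003: "RSA_EXPORT_WITH_RC4_40_MD5", 0x0004: "RSA_WITH_RC4_128_MD5",
          0x0005: "RSA_WITH_RC4_128_SHA", 0x0006: "RSA_EXPORT_WITH_RC2_CBC_40_MD5",
          0x0009: "RSA_WITH_DES_CBC_SHA", 0x000A: "RSA_WITH_3DES_EDE_CBC_SHA",
          0x0012: "DHE_DSS_WITH_DES_CBC_SHA", 0x0013: "DHE_DSS_WITH_3DES_EDE_CBC_SHA"}

def parse_v2_client_hello(header, body):
    """Decode an SSLv2-compatible ClientHello split the way slapd logged it."""
    if len(header) != 11 or not header[0] & 0x80:
        raise ValueError("not a 2-byte SSLv2 record header")
    rec_len = struct.unpack(">H", header[:2])[0] & 0x7FFF
    msg, major, minor, spec_len, sid_len, chal_len = struct.unpack(">BBBHHH", header[2:])
    if msg != 1 or rec_len != 9 + len(body):
        raise ValueError("not a complete ClientHello")
    if spec_len % 3 or spec_len + sid_len + chal_len != len(body):
        raise ValueError("inconsistent length fields")
    specs = [body[i:i + 3] for i in range(0, spec_len, 3)]
    # A leading 0x00 byte marks an SSLv3/TLS suite; anything else is an SSLv2 cipher kind.
    tls = [int.from_bytes(s[1:], "big") for s in specs if s[0] == 0]
    return {"version": (major, minor),
            "tls_suites": [SUITES.get(c, f"0x{c:04x}") for c in tls],
            "sslv2_kinds": [s.hex() for s in specs if s[0] != 0],
            "challenge_len": chal_len}

def parse_alert(record):
    """Decode a single plaintext TLS alert record (content type 21)."""
    ctype, major, minor, length = struct.unpack(">BBBH", record[:5])
    if ctype != 21 or length != 2 or len(record) != 7:
        raise ValueError("not a plaintext alert record")
    level = {1: "warning", 2: "fatal"}.get(record[5], record[5])
    desc = {40: "handshake_failure"}.get(record[6], record[6])
    return {"version": (major, minor), "level": level, "description": desc}

if __name__ == "__main__":
    print(parse_v2_client_hello(HELLO_HEADER, HELLO_BODY))
    print(parse_alert(ALERT_RECORD))
```

The named suites all authenticate the server with an RSA or DSS key, so slapd can only share one of them once a certificate and key of that type are loaded.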