
Re: Microsoft Outlook and OpenLDAP (over SSL)



I realized that I made a dumb mistake and forgot to put the locations of
the TLS cert files in slapd.conf, so I added

# TLS Config
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/certs/ldapcert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/certs/ldapkey.pem
TLSCACertificateFile /usr/local/etc/openldap/certs/demoCA/cacert.pem
TLSVerifyClient 0

However, now I'm getting the following errors.  Anyone have any
suggestions?

Thanks
Amith Varghese

TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=87, written=87
  0000:  52 cd 2d d6 69 52 1b 04  33 08 41 a3 ee 76 d4 77  R.-.iR..3.A..v.w
  0010:  33 70 a0 34 1d 25 3c da  80 90 e5 b4 94 dd 95 57  3p.4.%<........W
  0020:  1a d9 a0 82 3e 0c 8e 83  f2 99 13 2d 3c fb 05 a6  ....>......-<...
  0030:  4d 64 58 60 6a 3c 9b 91  9c 4d 12 a0 7f b4 83 87  MdX`j<...M......
  0040:  ed 43 30 5d 57 c0 80 60  a1 1f e4 47 6f 3e 16 03  .C0]W..`...Go>..
  0050:  01 00 04 0e 00 00 00                              .......
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
tls_read: want=5, got=0

TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
daemon: removing 10
conn=-1 fd=10 closed


On Sat, 2002-04-13 at 16:37, Amith Varghese wrote:
> I am trying to connect to my address book ($OpenLDAP: slapd
> 2.0.23-Release) with Microsoft Outlook.  If I connect on 389 everything
> works fine.  If I try to connect with SSL enabled (port 636) the
> connection fails.  I start OpenLDAP up using
> 
> /usr/local/libexec/slapd -h "ldap:/// ldaps:///"
> 
> The following is information from turning debugging on.  If anyone could
> let me know why the SSL handshake is failing I would appreciate it.
> 
> Thanks
> Amith Varghese
> 
> ______________________________________________________________________
> 
> connection_get(10): got connid=3
> connection_read(10): checking for input on id=3
> TLS trace: SSL_accept:before/accept initialization
> tls_read: want=11, got=11
>   0000:  80 6a 01 03 01 00 51 00  00 00 10                 .j....Q....
> tls_read: want=97, got=97
>   0000:  8f 80 01 80 00 03 80 00  01 81 00 01 81 00 03 82  ................
>   0010:  00 01 00 00 04 00 00 05  00 00 0a 83 00 04 84 80  ................
>   0020:  40 01 00 80 07 00 c0 03  00 80 00 00 09 06 00 40  @..............@
>   0030:  00 00 64 00 00 62 00 00  03 00 00 06 83 00 04 84  ..d..b..........
>   0040:  28 40 02 00 80 04 00 80  00 00 13 00 00 12 00 00  (@..............
>   0050:  63 61 c8 dc af 5c 2f cb  b7 d9 01 53 34 16 4a 4d  ca...\/....S4.JM
>   0060:  d0                                                .
> tls_write: want=7, written=7
>   0000:  15 03 01 00 02 02 28                              ......(
> TLS trace: SSL3 alert write:fatal:handshake failure
> TLS trace: SSL_accept:error in SSLv3 read client hello B
> TLS trace: SSL_accept:error in SSLv3 read client hello B
> TLS: can't accept.
> TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:769
> connection_read(10): TLS accept error error=-1 id=3, closing
> connection_closing: readying conn=3 sd=10 for close
> 
> 



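Added example (not part of the original message): a small Python decoder for the record bytes that slapd prints in the debug output above. The function names are hypothetical; the three byte strings at the bottom are copied from the message's dumps (the 11-byte start of the client's hello, the 7-byte alert, and the last 9 bytes of the 87-byte tls_write).

```python
import struct

# Code points from the SSLv3/TLS record, alert and handshake layers.
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
LEVEL = {1: "warning", 2: "fatal"}
ALERT = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
         42: "bad_certificate", 48: "unknown_ca"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             13: "certificate_request", 14: "server_hello_done"}


def decode_record(hexdump):
    """Decode one SSLv3/TLS record: 5-byte header plus the start of its body."""
    data = bytes.fromhex(hexdump)
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + length]
    rec = {"type": CONTENT.get(ctype, "unknown"), "version": (major, minor), "length": length}
    if ctype == 21 and len(body) >= 2:
        rec["level"] = LEVEL.get(body[0], "unknown")
        rec["alert"] = ALERT.get(body[1], "alert_%d" % body[1])
    elif ctype == 22 and len(body) >= 4:
        rec["handshake"] = HANDSHAKE.get(body[0], "type_%d" % body[0])
        rec["handshake_length"] = int.from_bytes(body[1:4], "big")
    return rec


def decode_v2_hello(hexdump):
    """Decode the fixed 11-byte start of an SSLv2-format ClientHello."""
    data = bytes.fromhex(hexdump)
    if len(data) < 11 or not data[0] & 0x80:
        raise ValueError("not a 2-byte-header SSLv2 record")
    length = ((data[0] & 0x7F) << 8) | data[1]
    msg, major, minor, specs, sid, chal = struct.unpack("!BBBHHH", data[2:11])
    if msg != 1:
        raise ValueError("not a ClientHello")
    return {"record_length": length, "offered_version": (major, minor),
            "cipher_specs": specs // 3,      # each v2-format spec is 3 bytes
            "session_id_length": sid, "challenge_length": chal,
            "remaining": specs + sid + chal}  # bytes still to read after the header


if __name__ == "__main__":
    # Byte strings copied from the slapd debug output in the message above.
    print(decode_v2_hello("80 6a 01 03 01 00 51 00 00 00 10"))
    print(decode_record("15 03 01 00 02 02 28"))
    print(decode_record("16 03 01 00 04 0e 00 00 00"))
```

The `remaining` value for the hello header is 97, matching the `tls_read: want=97` that follows it in the trace, and the alert record decodes to the same fatal handshake failure the trace reports.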