Re: Microsoft Outlook and OpenLDAP (over SSL)
Sorry to keep replying to my messages, but I figure the more info the
better chance I get some help :) Anyway I can run
ldapsearch -v -H ldaps://<myFQDN>/ -x
and I get back all the results I should be getting. I can also run
openssl s_client -host <myFQDN> -port 636
CONNECTED(00000003)
depth=0 /C=US/ST=<mystate>/L=<mycity>/O=<myorg>/CN=<myFQDN>
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=<mystate>/L=<mycity>/O=<myorg>/CN=<myFQDN>
verify return:1
---
Certificate chain
0 s:/C=US/ST=<mystate>/L=<mycity>/O=<myorg>/CN=<myFQDN>
i:/C=US/ST=<mystate>/L=<mycity>/O=<myorg>/CN=<myFQDN>
---
Server certificate
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
subject=/C=US/ST=<mystate>/L=<mycity>/O=<myorg>/CN=<myFQDN>
issuer=/C=US/ST=<mystate>/L=<mycity>/O=<myorg>/CN=<myFQDN>
---
No client certificate CA names sent
---
SSL handshake has read 787 bytes and written 320 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID:
87206E09CC418CA85D24021673176ECB1995F8D363EEA4C2EAD00133A78D311D
Session-ID-ctx:
Master-Key:
F66C154C9D603EDAC1B74C6BA75930DF7BA9F0332924611435A13D109E41F1984648AE550ABBA827815C91BDB03E8862
Key-Arg : None
Start Time: 1018748545
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
So now I'm believing that maybe outlook/outlook express can't connect to
ldaps port correctly. I've also tried using stunnel, but that fails
with stunnel: SSL_accept: Peer suddenly disconnected. Does anyone know
how I can test connectivity to my address book over ldaps (I think I can
do it in Mozilla but I'm not sure where)? Has anyone got Outlook /
Outlook Express to connect over ldaps to OpenLDAP?
Thanks
Amith Varghese
On Sat, 2002-04-13 at 18:48, Amith Varghese wrote:
> I realized that I made a dumb mistake and forgot to put the locations of
> the TLS cert files in slapd.conf, so I added
>
> # TLS Config
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCertificateFile /usr/local/etc/openldap/certs/ldapcert.pem
> TLSCertificateKeyFile /usr/local/etc/openldap/certs/ldapkey.pem
> TLSCACertificateFile /usr/local/etc/openldap/certs/demoCA/cacert.pem
> TLSVerifyClient 0
>
> However, now I'm getting the following errors. Anyone have any
> suggestions?
>
> Thanks
> Amith Varghese
>
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> tls_write: want=87, written=87
> TLS trace: SSL_accept:SSLv3 flush data
> tls_read: want=5 error=Resource temporarily unavailable
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: activity on: 10r
> daemon: read activity on 10
> connection_get(10)
> connection_get(10): got connid=0
> connection_read(10): checking for input on id=0
> tls_read: want=5, got=0
>
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> connection_read(10): TLS accept error error=-1 id=0, closing
> connection_closing: readying conn=0 sd=10 for close
> connection_close: conn=0 sd=10
> daemon: removing 10
> conn=-1 fd=10 closed
>
>
> On Sat, 2002-04-13 at 16:37, Amith Varghese wrote:
> > I am trying to connect to my address book ($OpenLDAP: slapd
> > 2.0.23-Release) with Microsoft Outlook. If I connect on 389 everything
> > works fine. If I try to connect with SSL enabled (port 636) the
> > connection fails. I start OpenLDAP up using
> >
> > /usr/local/libexec/slapd -h "ldap:/// ldaps:///"
> >
> > The following is information from turning debugging on. If anyone could
> > let me know why the SSL handshake is failing I would appreciate it.
> >
> > Thanks
> > Amith Varghese
> >
> > ______________________________________________________________________
> >
> > connection_get(10): got connid=3
> > connection_read(10): checking for input on id=3
> > TLS trace: SSL_accept:before/accept initialization
> > tls_read: want=11, got=11
> > 0000: 80 6a 01 03 01 00 51 00 00 00 10
> > .j....Q....
> > tls_read: want=97, got=97
> > tls_write: want=7, written=7
> > 0000: 15 03 01 00 02 02 28
> > ......(
> > TLS trace: SSL3 alert write:fatal:handshake failure
> > TLS trace: SSL_accept:error in SSLv3 read client hello B
> > TLS trace: SSL_accept:error in SSLv3 read client hello B
> > TLS: can't accept.
> > TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
> > s3_srvr.c:769
> > connection_read(10): TLS accept error error=-1 id=3, closing
> > connection_closing: readying conn=3 sd=10 for close
> >
> >
>
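Decoding the two raw records that appear in the quoted slapd traces, as an added example that is not part of this thread: the 11-byte record slapd read first in the earliest trace (an SSLv2-format client hello) and the 7-byte alert it wrote back before reporting "no shared cipher". The third sample is constructed here, a ServerHelloDone record, to stand for the point the later trace reaches ("write server done A") before the client closes the connection.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
                      46: "certificate_unknown", 48: "unknown_ca"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 14: "ServerHelloDone"}


def decode_record(raw: bytes) -> dict:
    """Summarise the first record in raw: either an SSLv2-compatible ClientHello
    (high bit of the first byte set, as old Windows clients send it) or an
    SSLv3/TLS record with the 5-byte header type, version, length."""
    if raw[0] & 0x80:
        length = ((raw[0] & 0x7F) << 8) | raw[1]          # 15-bit SSLv2 record length
        body = raw[2:2 + length]
        if body[0] != 1:                                   # msg_type 1 = CLIENT-HELLO
            return {"format": "sslv2", "msg_type": body[0]}
        cs_len, sid_len, chal_len = struct.unpack(">HHH", body[3:9])
        return {"format": "sslv2-compatible ClientHello",
                "version": (body[1], body[2]),             # (3, 1) means TLS 1.0 offered
                "record_length": length,
                "cipher_spec_length": cs_len,
                "cipher_count": cs_len // 3,               # SSLv2 cipher specs are 3 bytes each
                "session_id_length": sid_len,
                "challenge_length": chal_len}
    ctype, major, minor, length = struct.unpack(">BBBH", raw[:5])
    body = raw[5:5 + length]
    out = {"format": "tls", "content_type": CONTENT_TYPES.get(ctype, ctype),
           "version": (major, minor), "length": length}
    if ctype == 21 and len(body) >= 2:                     # alert body: level, description
        out["alert_level"] = {1: "warning", 2: "fatal"}.get(body[0], body[0])
        out["alert_description"] = ALERT_DESCRIPTIONS.get(body[1], body[1])
    elif ctype == 22 and len(body) >= 4:                   # handshake body: type, 24-bit length
        out["handshake_type"] = HANDSHAKE_TYPES.get(body[0], body[0])
        out["handshake_length"] = int.from_bytes(body[1:4], "big")
    return out


# First 11 bytes slapd read in the earliest trace (copied from the posted dump).
CLIENT_HELLO = bytes.fromhex("80 6a 01 03 01 00 51 00 00 00 10")
# The 7 bytes slapd wrote back right before "no shared cipher" (copied from the posted dump).
ALERT = bytes.fromhex("15 03 01 00 02 02 28")
# Constructed here, not from the trace: an empty ServerHelloDone handshake record.
SERVER_HELLO_DONE = bytes.fromhex("16 03 01 00 04 0e 00 00 00")

if __name__ == "__main__":
    for name, rec in (("client hello", CLIENT_HELLO), ("alert", ALERT),
                      ("server hello done", SERVER_HELLO_DONE)):
        print(name, decode_record(rec))
```

The client hello decodes as an SSLv2-format hello offering TLS 1.0 with 27 cipher specs, and the server's reply is a fatal handshake_failure alert, which matches the "no shared cipher" line in the first trace taken before any certificate was configured. In the second trace the server gets as far as ServerHelloDone and the client is the side that closes, which is the point at which a client has the server certificate to evaluate.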