[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
SASL EXTERNAL
Hi,
I've setup 2.1.1beta with "TLSVerifyClient demand" and I'm using a client
certificate which is validated correctly as it seems. At least I do get the
PLAIN and LOGIN mechs in addition to GSSAPI but no EXTERNAL. What else
needs to be done to enable SASL EXTERNAL?
From slapd debug output:
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS certificate verification: depth: 2, err: 0, subject: /C=DE/O=Deutsches
Forschungsnetz/OU=DFN-CERT GmbH/OU=DFN-PCA/CN=DFN Toplevel Certification
Authority/Email=certify@pca.dfn.de, issuer: /C=DE/O=Deutsches
Forschungsnetz/OU=DFN-CERT GmbH/OU=DFN-PCA/CN=DFN Toplevel Certification
Authority/Email=certify@pca.dfn.de
TLS certificate verification: depth: 1, err: 0, subject: /C=DE/O=DAASI
International GmbH/OU=DAASI CA/Email=ca@daasi.de, issuer: /C=DE/O=Deutsches
Forschungsnetz/OU=DFN-CERT GmbH/OU=DFN-PCA/CN=DFN Toplevel Certification
Authority/Email=certify@pca.dfn.de
TLS certificate verification: depth: 0, err: 0, subject:
/C=DE/ST=Baden-W\xFCrttemberg/L=T\xFCbingen/O=DAASI International
GmbH/CN=Norbert Klasen/Email=norbert.klasen@daasi.de, issuer: /C=DE/O=DAASI
International GmbH/OU=DAASI CA/Email=ca@daasi.de
TLS trace: SSL_accept:SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read certificate verify A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL3 alert read:warning:close notify
TLS trace: SSL3 alert write:warning:close notify
--
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH phone: +49 7071 29 70336
Wilhelmstr. 106 fax: +49 7071 29 5114
72074 Tübingen email: norbert.klasen@daasi.de
Germany web: http://www.daasi.de