
Re: Windows LDAP Client - SSL Handshake problem



This might help

http://www.openldap.org/lists/openldap-software/200107/msg00512.html

Hi,

I have compiled OpenLDAP, OpenSSL and Cyrus SASL for a Windows client. I am having a problem where the client cannot connect to a server via SSL on port 636. It's failing in the SSL handshake, as the appended slapd debug log shows.

The server is running on Solaris 7 (Sparc). It can be successfully accessed by the Unix versions of the client and by other tools such as ldapsearch - only the Windows client fails.

The Windows tool s_client.exe (compiled with OpenSSL) is able to connect to the LDAP server quite successfully, although it eventually passes the handshake stage and cannot go any further because it obviously doesn't understand the LDAP protocol. This leads me to think that the problem is somehow intertwined with OpenLDAP.

I shall be having a go at debugging this but I'd appreciate any advice or tips.

Thanks,

Tim



SLAPD DEBUG TRACE OF A CONNECTION FROM A WINDOWS CLIENT:


daemon: activity on 1 descriptors
daemon: new connection on 9
daemon: conn=36 fd=9 connection from IP=192.168.34.101:2518 (IP=0.0.0.0:0) accepted.
daemon: added 9r
daemon: activity on:
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=36
connection_read(9): checking for input on id=36
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
0000: 30 39 02 01 01 60 34 02 01 03 04    09...`4....
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:565
connection_read(9): TLS accept error error=-1 id=36, closing
connection_closing: readying conn=36 sd=9 for close
connection_close: conn=36 sd=9
daemon: removing 9
conn=-1 fd=9 closed
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL









--
Tim Bond | Senior Security Engineer | 703-251-7144 | tbond@webmethods.com
webMethods, Inc.                         The Business Integration Company
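
The 11 bytes in the `tls_read` dump of the trace above can be decoded to see what actually reached the SSL listener before OpenSSL reported "unknown protocol". The following is an added example, not part of the original post or of OpenLDAP; the function names are hypothetical, and only the LDAP operations listed in `LDAP_OPS` are recognised.

```python
# Constructed from the tls_read hex dump in the slapd trace above (11 bytes).
FIRST_BYTES = bytes.fromhex("30 39 02 01 01 60 34 02 01 03 04")

# LDAP protocolOp tags (BER [APPLICATION n]) that a client can send first.
LDAP_OPS = {0x60: "BindRequest", 0x63: "SearchRequest", 0x77: "ExtendedRequest"}


def read_ber_length(buf, pos):
    """Return (length, next_pos) for a BER length field starting at pos."""
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def classify_first_bytes(buf):
    """Classify what a client sent first on a TLS-only listener."""
    # SSLv3/TLS record: content type 0x16 (handshake), major version 3.
    if len(buf) >= 3 and buf[0] == 0x16 and buf[1] == 0x03:
        return "tls-handshake-record"
    # SSLv2 record: 2-byte header with the high bit set, then msg type 1.
    if len(buf) >= 3 and buf[0] & 0x80 and buf[2] == 0x01:
        return "sslv2-client-hello"
    try:
        if buf[0] != 0x30:                # LDAPMessage is a BER SEQUENCE
            return "unknown"
        _, pos = read_ber_length(buf, 1)
        if buf[pos] != 0x02:              # messageID is a BER INTEGER
            return "unknown"
        id_len, pos = read_ber_length(buf, pos + 1)
        msg_id = int.from_bytes(buf[pos:pos + id_len], "big")
        op = LDAP_OPS.get(buf[pos + id_len])
    except (IndexError, ValueError):
        return "unknown"
    if op is None:
        return "unknown"
    return f"plaintext-ldap {op} messageID={msg_id}"


if __name__ == "__main__":
    print(classify_first_bytes(FIRST_BYTES))
```

For the bytes in the trace the result is a cleartext LDAP BindRequest with messageID 1, which is neither an SSLv2 nor an SSLv3/TLS ClientHello and is consistent with the `SSL23_GET_CLIENT_HELLO:unknown protocol` error logged by slapd.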