
Re: Windows LDAP Client - SSL Handshake problem



also make sure you have a ldaprc file with the TLS_CACERT variable
pointing to the CA cert for the CA that signed your server's cert.

> This might help
>
> http://www.openldap.org/lists/openldap-software/200107/msg00512.html
>
>> Hi,
>>
>> I have compiled the openldap, openssl and cyrus sasl for a windows
>> client.  I am having a problem where the client cannot connect to a
>> server via SSL on port 636.  It's failing in the SSL handshake as the
>> appended slapd debug log shows.
>>
>> The server is running on Solaris 7 (Sparc).  It can be successfully
>> accessed by the Unix versions of the client and by other tools such as
>> ldapsearch - only the windows client fails.
>>
>> The windows tool s_client.exe (compiled with openssl) is able to
>> connect to the ldap server quite successfully although it eventually
>> passes the handshake stage and cannot go any further because it
>> obviously doesn't understand the LDAP protocol.  This leads me to
>> think that the problem is somehow intertwined with OpenLDAP.
>>
>> I shall be having a go at debugging this but I'd appreciate any advice
>> or tips.
>>
>> Thanks,
>>
>> Tim
>>
>> SLAPD DEBUG TRACE OF A CONNECTION FROM A WINDOWS CLIENT:
>>
>> daemon: activity on 1 descriptors
>> daemon: new connection on 9
>> daemon: conn=36 fd=9 connection from IP=192.168.34.101:2518 (IP=0.0.0.0:0) accepted.
>> daemon: added 9r
>> daemon: activity on:
>> daemon: select: listen=7 active_threads=0 tvp=NULL
>> daemon: select: listen=8 active_threads=0 tvp=NULL
>> daemon: activity on 1 descriptors
>> daemon: activity on: 9r
>> daemon: read activity on 9
>> connection_get(9)
>> connection_get(9): got connid=36
>> connection_read(9): checking for input on id=36
>> TLS trace: SSL_accept:before/accept initialization
>> tls_read: want=11, got=11
>>  0000:  30 39 02 01 01 60 34 02  01 03 04   09...`4....
>> TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
>> TLS: can't accept.
>> TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:565
>> connection_read(9): TLS accept error error=-1 id=36, closing
>> connection_closing: readying conn=36 sd=9 for close
>> connection_close: conn=36 sd=9
>> daemon: removing 9
>> conn=-1 fd=9 closed
>> daemon: select: listen=7 active_threads=0 tvp=NULL
>> daemon: select: listen=8 active_threads=0 tvp=NULL
>> daemon: activity on 1 descriptors
>> daemon: select: listen=7 active_threads=0 tvp=NULL
>> daemon: select: listen=8 active_threads=0 tvp=NULL
>>
>
> --
> Tim Bond | Senior Security Engineer | 703-251-7144 | tbond@webmethods.com
> webMethods, Inc. The Business Integration Company
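One thing worth reading off the slapd trace above: the eleven bytes the server got (`30 39 02 01 01 60 34 02 01 03 04`) are not a TLS record at all. `0x30` is a BER SEQUENCE, `02 01 01` is messageID 1, `60 34` is an `[APPLICATION 0]` BindRequest, and `02 01 03` is LDAP version 3. In other words the client spoke cleartext LDAP to the ldaps listener, which is exactly what OpenSSL's `SSL23_GET_CLIENT_HELLO:unknown protocol` means. The following Python script is an added diagnostic example, not code from the thread or from OpenLDAP: it takes the first bytes read on a TLS-only port and tells you whether they are a TLS handshake record, an SSLv2 hello, or a plaintext LDAP PDU (decoding the LDAP header when it is one). The trace bytes are copied from the log above; the TLS and SSLv2 samples are constructed for comparison, and the helper and constant names are my own.

```python
"""Classify the first bytes a TLS-only listener (for example ldaps on 636) receives.

Added example, not part of the mailing-list thread. CAPTURED_FROM_TRACE is
copied from the slapd "tls_read: want=11, got=11" hexdump; the other samples
are constructed.
"""
from typing import Optional, Tuple

CAPTURED_FROM_TRACE = bytes.fromhex("30 39 02 01 01 60 34 02 01 03 04")
# Constructed: TLS 1.0 record carrying a ClientHello (record type 0x16).
TLS_CLIENT_HELLO = bytes.fromhex("16 03 01 00 c8 01 00 00 c4 03 03")
# Constructed: SSLv2 record header (high bit set) followed by CLIENT-HELLO (0x01).
SSLV2_CLIENT_HELLO = bytes.fromhex("80 2e 01 03 01 00 15 00 00 00 10")

# LDAP protocolOp application tags (RFC 4511).
LDAP_OPS = {0: "BindRequest", 1: "BindResponse", 2: "UnbindRequest",
            3: "SearchRequest", 4: "SearchResultEntry", 5: "SearchResultDone",
            6: "ModifyRequest", 7: "ModifyResponse", 8: "AddRequest",
            9: "AddResponse", 10: "DelRequest", 11: "DelResponse",
            12: "ModifyDNRequest", 13: "ModifyDNResponse", 14: "CompareRequest",
            15: "CompareResponse", 16: "AbandonRequest", 19: "SearchResultReference",
            23: "ExtendedRequest", 24: "ExtendedResponse"}


def _ber_len(buf: bytes, pos: int) -> Optional[Tuple[int, int]]:
    """Decode a BER length at buf[pos]; return (length, position after it)."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or pos + 1 + n > len(buf):
        return None
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def decode_ldap_header(buf: bytes) -> Optional[dict]:
    """Parse the LDAPMessage prefix: SEQUENCE { messageID INTEGER, protocolOp }.

    Returns None if the bytes do not look like the start of an LDAP PDU.
    For a BindRequest the LDAP version INTEGER is decoded as well.
    """
    if not buf or buf[0] != 0x30:         # LDAPMessage is a SEQUENCE
        return None
    r = _ber_len(buf, 1)
    if r is None:
        return None
    total_len, pos = r
    if pos >= len(buf) or buf[pos] != 0x02:   # messageID is an INTEGER
        return None
    r = _ber_len(buf, pos + 1)
    if r is None:
        return None
    id_len, pos = r
    if pos + id_len > len(buf):
        return None
    msg_id = int.from_bytes(buf[pos:pos + id_len], "big", signed=True)
    pos += id_len
    if pos >= len(buf):
        return None
    tag = buf[pos]
    if tag & 0xC0 != 0x40:                # protocolOp is APPLICATION class
        return None
    op = tag & 0x1F
    info = {"message_id": msg_id, "pdu_length": total_len,
            "op": op, "op_name": LDAP_OPS.get(op, f"application-{op}")}
    if op == 0:                           # BindRequest ::= { version INTEGER, ... }
        r = _ber_len(buf, pos + 1)
        if r is not None and r[1] < len(buf) and buf[r[1]] == 0x02:
            r2 = _ber_len(buf, r[1] + 1)
            if r2 is not None and r2[0] + r2[1] <= len(buf):
                vlen, vpos = r2
                info["ldap_version"] = int.from_bytes(buf[vpos:vpos + vlen], "big")
    return info


def classify_first_bytes(buf: bytes) -> str:
    """Name what a TLS listener has just read from a fresh connection."""
    if len(buf) >= 3 and buf[0] == 0x16 and buf[1] == 0x03 and buf[2] <= 0x04:
        return "tls-handshake-record"     # SSLv3/TLS record, handshake content type
    if len(buf) >= 3 and buf[0] & 0x80 and buf[2] == 0x01:
        return "sslv2-client-hello"       # 2-byte SSLv2 header, msg type CLIENT-HELLO
    if decode_ldap_header(buf) is not None:
        return "cleartext-ldap"           # client never started TLS
    return "unknown"


def diagnose(buf: bytes) -> str:
    """Human-readable verdict for an 'unknown protocol' accept failure."""
    kind = classify_first_bytes(buf)
    if kind == "cleartext-ldap":
        h = decode_ldap_header(buf)
        return (f"client sent plaintext LDAP {h['op_name']} (messageID {h['message_id']}, "
                f"LDAPv{h.get('ldap_version', '?')}) to a TLS-only port: it is not "
                "negotiating TLS before speaking LDAP, so no CA/certificate setting "
                "on the server can fix this")
    return f"first bytes look like {kind}"


if __name__ == "__main__":
    for sample in (CAPTURED_FROM_TRACE, TLS_CLIENT_HELLO, SSLV2_CLIENT_HELLO):
        print(sample.hex(" "), "->", diagnose(sample))
```

Run it on the bytes from a `tls_read` hexdump: when the verdict is `cleartext-ldap`, the problem is on the client side before any certificate is involved (the client must open the connection with TLS, as `ldaps://` or a StartTLS-style upgrade does), whereas a `tls-handshake-record` verdict followed by an accept error points at the certificate chain, where the `TLS_CACERT` advice at the top of this reply applies.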