Hi there!
I'm experiencing problems with some clients utilizing SSL. I have an OpenLDAP
2.1.12 server on a Linux platform with OpenSSL version 0.9.6h.
I can successfully connect to port 636 with LDAP administrator, which is
written in Java, cyrus-saslauthd with TLS, and courier-imapd with TLS.
But I cannot connect with nss_ldap (with TLS) and Microsoft Outlook clients,
or with Softerra's LDAP Administrator 2.5 utilizing SSL or TLS.
Here goes slapd's debug log, which holds information about a failed
connection attempt from the Microsoft Outlook Express address book client
using SSL.
slapd runs unprivileged and chrooted.
conn=1 fd=12 ACCEPT from IP=213.143.79.46:1136 (IP=0.0.0.0:636)
daemon: added 12r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=1
connection_read(12): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
0000: 80 4c 01 03 01 00 33 00 00 00 10 .L....3....
tls_read: want=67, got=67
0000: 00 00 04 00 00 05 00 00 0a 01 00 80 07 00 c0 03 ................
0010: 00 80 00 00 09 06 00 40 00 00 64 00 00 62 00 00 .......@..d..b..
0020: 03 00 00 06 02 00 80 04 00 80 00 00 13 00 00 12 ................
0030: 00 00 63 08 b5 c9 38 b9 a5 5b 63 46 0c 6c 67 52 ..c...8..[cF.lgR
0040: 74 47 c5 tG.
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=1012, written=1012
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
Any ideas?
Best regards, Brane