
Problems with multiple DNS names in cert.



Greetings all.

I got my OpenLDAP-server to accept TLS-enabled connections for
different DNS-names a while ago. Today I tried to do the same with
OpenLDAP 2.1.16, but it's not working.

I've read the Admin manual, the FAQ, the man pages and searched the
mail archive, but still no solution.

ldap.conf:
TLS_CACERT /ldap/etc/ldap-cert/w3_cacert.pem

slapd.conf:
# SSL/TLS
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /ldap/etc/ldap-cert/beeblebrox.uio.no.crt
TLSCertificateKeyFile /ldap/etc/ldap-cert/beeblebrox.uio.no.key
TLSCACertificateFile /ldap/etc/ldap-cert/w3_cacert.pem

/ldap/etc/ldap-cert/beeblebrox.uio.no.crt:
            X509v3 Subject Alternative Name: 
                DNS:ldap.uio.no, DNS:bb.uio.no

This was made using Howard Chu's recipe in the "Q: OpenLDAP In A
'Heartbeat' Cluster" thread. I have generated new certificates as
well, but that didn't help either.

There are no errors from slapd when importing the certs.


beeblebrox.uio.no# /ldap/usr/bin/ldapsearch -x -h bb.uio.no -ZZ -s base > /dev/null
ldap_start_tls: Connect error (91)
        additional info: TLS: hostname does not match CN in peer certificate
beeblebrox.uio.no# /ldap/usr/bin/ldapsearch -x -h beeblebrox.uio.no -ZZ -s base > /dev/null
beeblebrox.uio.no# 

Both show the same result (without the pipe), but the first shouldn't
give me an error.


In the slapd logfile I find:
ldap_read: want=9 error=Resource temporarily unavailable
ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)
...
tls_read: want=5 error=Resource temporarily unavailable
...
connection_read(13): unable to get TLS client DN error=49 id=0
...
tls_read: want=5 error=Resource temporarily unavailable
ldap_read: want=9 error=Resource temporarily unavailable
ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)


I've also tried with other machines and other versions of OpenLDAP,
but no solution.


Does anyone know what the problem is?

-- 
Regards,
Mathias Meisfjordskar
GNU/Linux addict.

"If it works; HIT IT AGAIN!"
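The error in the post, "hostname does not match CN in peer certificate", is what a client produces when it compares the requested host only against the subject CN and ignores the subjectAltName DNS entries. The following is an added example, not code from the post or from OpenLDAP: a cert dict in the shape `ssl.SSLSocket.getpeercert()` returns, constructed from the CN and SAN values quoted above, checked first the CN-only way and then the SAN-aware way (RFC 6125 style, where DNS SANs are authoritative and the CN is only a fallback when no DNS SAN exists). All function names are my own.

```python
import fnmatch

# Peer certificate in the shape returned by ssl.SSLSocket.getpeercert().
# Constructed here from the values quoted in the post; not a real certificate.
PEER_CERT = {
    "subject": ((("commonName", "beeblebrox.uio.no"),),),
    "subjectAltName": (("DNS", "ldap.uio.no"), ("DNS", "bb.uio.no")),
}


def _dns_match(pattern, hostname):
    """Case-insensitive DNS-ID comparison.

    A single leading '*.' label is allowed to match exactly one label
    (so '*.uio.no' matches 'bb.uio.no' but not 'a.b.uio.no' or 'uio.no').
    """
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return (hostname.count(".") == pattern.count(".")
                and fnmatch.fnmatchcase(hostname, pattern))
    return pattern == hostname


def common_name(cert):
    """Return the first commonName found in the subject, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def cn_only_match(cert, hostname):
    """Legacy check: compare the hostname against the subject CN and ignore SANs.

    This is the behaviour the error message in the post describes.
    """
    cn = common_name(cert)
    return cn is not None and _dns_match(cn, hostname)


def san_aware_match(cert, hostname):
    """RFC 6125 style check: if any DNS SAN is present, only the SANs are
    consulted; the CN is used solely as a fallback when there are none."""
    dns_ids = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_ids:
        return any(_dns_match(p, hostname) for p in dns_ids)
    return cn_only_match(cert, hostname)
```

Note that under the SAN-aware rule the name that is only in the CN (beeblebrox.uio.no) no longer matches once DNS SANs are present, so a certificate meant to serve several names should list every one of them as a DNS SAN.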