[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch and TLS

To: D.M.Lewney@sussex.ac.uk (Dave Lewney)
Subject: Re: ldapsearch and TLS
From: Chris Majewski <majewski@cs.ubc.ca>
Date: Wed, 17 Mar 2004 09:54:43 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <40581146.8070101@central.susx.ac.uk> (Dave Lewney's message of "Wed, 17 Mar 2004 08:50:14 +0000")
References: <Pine.LNX.4.21.0403161044340.12780-100000@mi.krzys.ca> <40581146.8070101@central.susx.ac.uk>
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.2 (gnu/linux)

D.M.Lewney@sussex.ac.uk (Dave Lewney) writes:

> My guess is that the CN in your certificate is not "okocim" . Try this ...
>
> openssl s_client -connect okocim:636 -CAfile <path-to-CA-cert>

It's "okocim.cs.ubc.ca",  but passing  that to ldapsearch  (instead of
"okocim")  didn't help.  Here's  the output  of  the s_client  command
above, with Base64-ish stuff deleted. What does that tell you? 

-chris

depth=1 /C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
verify return:1
depth=0 /C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=okocim.cs.ubc.ca/emailAddress=majewski@cs.ubc.ca
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=okocim.cs.ubc.ca/emailAddress=majewski@cs.ubc.ca
   i:/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
 1 s:/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
   i:/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
---
Server certificate
-----BEGIN CERTIFICATE-----
--stuff deleted---
-----END CERTIFICATE-----
subject=/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=okocim.cs.ubc.ca/emailAddress=majewski@cs.ubc.ca
issuer=/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
---
No client certificate CA names sent
---
SSL handshake has read 2701 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 4B7AD233D1C20B5BBDBDD2C3CBFBB82FDDB075E5948C995B4AFF46826CA29756
    Session-ID-ctx: 
    Master-Key: --stuff deleted--
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1079545967
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Follow-Ups:
- Re: ldapsearch and TLS
  - From: Luca Filipozzi <lucaf+openldap@ece.ubc.ca>

References:
- Re: ldapsearch and TLS
  - From: Chris Majewski <majewski@cs.ubc.ca>
- Re: ldapsearch and TLS
  - From: D.M.Lewney@sussex.ac.uk (Dave Lewney)

Prev by Date: RE: slapd's syslogging slowing it down
Next by Date: RE: Proxy problem
Index(es):
- Chronological
- Thread