sslv3 alert handshake failure
Hi guys,
I know that this question has been posted quite often, but after trying so many proposed solutions on the net, none of them seems to work for me. I've already turned on -d -1, but got no useful hints.
The problem is as follows:
[root@localhost test-db]# /usr/bin/ldapsearch -x -s base '(objectclass=*)' -H ldap://myserver.com/ -ZZ supportedSASLMechanisms -d 256
request 1 done
TLS: can't connect.
ldap_start_tls: Connect error (91)
        additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[root@localhost test-db]#
I have followed the OpenLDAP SSL/TLS How-To, and I have
[root@localhost openldap-data]# openssl s_client -connect myserver.com:636 -state -CAfile /home/user/certs/cacert.pem -cert /home/user/certs/ldap.client.pem -key /home/user/certs/keys/ldap.client.key.pem
--> Success result, similar to the result given in the How-To <--
but...
[root@localhost bin]# openssl s_client -connect myserver.com:636
CONNECTED(00000003)
depth=1 /C=SG/ST=Singapore/L=Singapore/O=Laras Com/OU=Laras Unit/CN=laras.com/Email=admin@laras.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
23529:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1046:SSL alert number 40
23529:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
[root@localhost bin]#
My slapd.conf:
--------------
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/krb5-kdc.schema
loglevel 256
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
database bdb
suffix "ou=KPrincipals,dc=laras,dc=com"
rootdn "cn=Manager,ou=KPrincipals,dc=laras,dc=com"
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxx
directory "/var/lib/ldap"
# Indices to maintain
index objectClass eq
index cn pres,eq
index uid pres,eq
#Specify ciphers
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/var/openldap-data/cacert.pem
TLSCertificateFile /usr/var/openldap-data/servercrt.pem
TLSCertificateKeyFile /usr/var/openldap-data/serverkey.pem
TLSVerifyClient demand
access to *
by sockurl="^ldapi:///$" write
by * write
by * auth
by * read
My ldap.conf:
-------------
HOST laras.com
PORT 636
TLS_CACERT /home/user/certs/cacert.pem
TLS_REQCERT demand
What did I do wrong, and what does the error mean?
Thanks,
-lara-
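Added example (not part of the original post or of OpenLDAP): a small Python triage helper that pulls the `verify error:num=` and `SSL alert number` codes out of s_client / ldapsearch output and checks them against the two configuration files, flagging the combination of `TLSVerifyClient demand` in slapd.conf with no `TLS_CERT`/`TLS_KEY` in ldap.conf. The alert and verify-code tables are abbreviated, the function names are my own, and the sample input is constructed from the output and configs quoted above.

```python
import re

# TLS alert descriptions (RFC 2246) for codes OpenSSL prints as "SSL alert number N".
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 45: "certificate_expired",
              48: "unknown_ca", 49: "access_denied"}
# X509 verify result codes that s_client prints as "verify error:num=N".
X509_ERRORS = {18: "self signed certificate", 19: "self signed certificate in certificate chain",
               20: "unable to get local issuer certificate"}

def parse_openssl_output(text):
    """Extract verify-error and alert codes from s_client / ldapsearch -d output."""
    return {"verify_errors": [int(n) for n in re.findall(r"verify error:num=(\d+)", text)],
            "alerts": [int(n) for n in re.findall(r"SSL alert number (\d+)", text)]}

def directive(conf, name):
    """Value of a slapd.conf / ldap.conf directive (case-insensitive), or None if absent."""
    for line in conf.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#") and parts[0].lower() == name.lower():
            return parts[1] if len(parts) > 1 else ""
    return None

def diagnose(output, slapd_conf, ldap_conf):
    """Map each code found in `output` to the configuration directive it points at."""
    codes = parse_openssl_output(output)
    findings = []
    for n in codes["verify_errors"]:
        findings.append("verify error %d (%s): client did not trust the server chain; "
                        "check TLS_CACERT in ldap.conf or -CAfile" % (n, X509_ERRORS.get(n, "unknown")))
    demands_cert = (directive(slapd_conf, "TLSVerifyClient") or "never").lower() == "demand"
    client_has_cert = directive(ldap_conf, "TLS_CERT") is not None and directive(ldap_conf, "TLS_KEY") is not None
    for n in codes["alerts"]:
        if n == 40 and demands_cert and not client_has_cert:
            findings.append("alert 40 (handshake_failure): slapd.conf has TLSVerifyClient demand but "
                            "ldap.conf sets no TLS_CERT/TLS_KEY, so the client offers no certificate")
        else:
            findings.append("alert %d (%s)" % (n, TLS_ALERTS.get(n, "unknown")))
    return findings

# Constructed sample input: the failing s_client lines and the relevant lines of both config files.
SAMPLE_OUTPUT = """verify error:num=19:self signed certificate in certificate chain
23529:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1046:SSL alert number 40"""
SAMPLE_SLAPD = "TLSCACertificateFile /usr/var/openldap-data/cacert.pem\nTLSVerifyClient demand\n"
SAMPLE_LDAP = "HOST laras.com\nPORT 636\nTLS_CACERT /home/user/certs/cacert.pem\nTLS_REQCERT demand\n"

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_OUTPUT, SAMPLE_SLAPD, SAMPLE_LDAP):
        print(finding)
```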