Probleme : LDAP + SSL/TLS
Hello !
I have been trying to use SSL/TLS with LDAP... but it doesn't work (for 3 weeks now..
O_o)
So, you are my last chance ...
These are the versions, commands and errors I use and receive.
Does someone have an idea??
I have regenerated my certificate again and again, and read and followed a lot of
docs.. but I always get the same errors..
Plz help me...
Big thanks in advance
Gabrielle
PS: Sorry for my English. I'm French.
1) Versions
-------------
openldap : openldap 2.1.23
openssl : openssl 0.9.7d
2) Flags for compilation
--------------------------
$>export CPPFLAGS="-I/usr/local/BerkeleyDB4.1/include -I/usr/local/openssl/include" LDFLAGS="-L/usr/local/BerkeleyDB4.1/lib -L/usr/local/openssl/lib"
$>./configure --with-tls --with-cyrus-sasl
3) Compilation time
--------------------
checking for openssl/ssl.h ... yes
checking for ssl.h ... yes
checking for SSLeay_add_ssl_algorithms in -lssl... no
checking for SSL_library_init in -lssl... yes
4) My docs
-----------
I followed the OpenLDAP TLS/SSL howto,
this one: http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
and a lot of others ...
5) Tests with openssl
----------------------
$>openssl s_client -connect 10.0.70.47:636 -showcerts -state -CAfile /etc/openldap/cacert.pem
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
459:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:470:
$>openssl s_client -connect 10.0.70.47:636 -showcerts -state -CAfile /etc/openldap/cacert.pem -ssl2
SSL_connect:error in SSLv2 read server hello B
462:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:140:
462:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:935:
462:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509
462:error:1407E00B:SSL routines:SSL2_SET_CERTIFICATE:X509 lib:s2_clnt.c:1049:
$>openssl s_client -connect 10.0.70.47:636 -showcerts -state -CAfile /etc/openldap/cacert.pem -ssl3
SSL_connect:SSLv3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read server hello A
463:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
463:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:
6) Server debug output after each command
------------------------------------------------
($>openssl s_client -connect 10.0.70.47:636 -showcerts -state -CAfile /etc/openldap/cacert.pem -ssl2)
TLS trace: SSL_accept:failed in SSLv2 read client master key A
TLS: can't accept.
TLS: error:1406B0C9:SSL routines:GET_CLIENT_MASTER_KEY:peer error certificate s2_pkt.c:675
connection_read(13): TLS accept error error=-1 id=0, closing
($>openssl s_client -connect 10.0.70.47:636 -showcerts -state -CAfile /etc/openldap/cacert.pem -ssl3)
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client hello C
TLS trace: SSL_accept:error in SSLv3 read client hello C
TLS: can't accept.
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:887
connection_read(13): TLS accept error error=-1 id=1, closing
($>openssl s_client -connect 10.0.70.47:636 -showcerts -state -CAfile /etc/openldap/cacert.pem)
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS: can't accept.
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:887
connection_read(13): TLS accept error error=-1 id=3, closing
connection_closing: readying conn=3 sd=13 for close
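As an added example (not part of Gabrielle's post and not OpenLDAP or OpenSSL code): a small Python script that parses the OpenSSL error strings quoted in the post, unpacks the 8-bit library / 12-bit function / 12-bit reason layout that OpenSSL 0.9.x uses for the hex code, and attaches a defender-side hint to the two codes that matter here: the server-side "no shared cipher" (reason 193) and the client-side "alert number 40" (a handshake_failure alert, encoded as reason 1000 + 40). The sample log lines are copied from the post with the mail's line wraps joined; the hints are this example's own reading of those codes, not something the post states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Pre-3.0 OpenSSL packs an error code as: 8-bit library | 12-bit function | 12-bit reason.
ERR_LIB_SSL = 0x14                 # library number of the SSL routines
SSL_AD_REASON_OFFSET = 1000        # reason >= 1000 means "alert received from the peer"
SSL_R_NO_SHARED_CIPHER = 193       # reason 0x0C1 in the code 0x1408A0C1 quoted above
SSL_AD_HANDSHAKE_FAILURE = 40      # TLS alert number 40

# Matches both the s_client form "…:reason:file.c:line:" and the slapd log form
# "…:reason file.c:line" (slapd separates file and reason with a space).
OPENSSL_ERR_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*?)(?:[: ](?P<file>[^:\s]+\.c):(?P<line>\d+))?(?::.*)?$"
)


@dataclass
class SSLDiagnosis:
    side: str                  # "client" (openssl s_client) or "server" (slapd debug log)
    code: int                  # full 32-bit OpenSSL error code
    func: str                  # function name from the error string
    reason: str                # reason text from the error string
    alert_number: Optional[int]  # TLS alert number if the reason encodes a peer alert
    hint: str                  # defender-side reading of the code


def unpack_code(code: int) -> Tuple[int, int, int]:
    """Split an OpenSSL 0.9.x/1.x error code into (library, function, reason)."""
    return code >> 24, (code >> 12) & 0xFFF, code & 0xFFF


def parse_line(line: str) -> Optional[SSLDiagnosis]:
    """Parse one log line; return None for lines that carry no OpenSSL error string."""
    m = OPENSSL_ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group("code"), 16)
    lib_num, _func_num, reason_num = unpack_code(code)
    alert = reason_num - SSL_AD_REASON_OFFSET if reason_num >= SSL_AD_REASON_OFFSET else None
    side = "server" if line.lstrip().startswith("TLS:") else "client"

    hint = "no specific hint for this code"
    if lib_num == ERR_LIB_SSL and reason_num == SSL_R_NO_SHARED_CIPHER:
        hint = ("server could not offer any cipher suite: check that slapd really loaded a "
                "certificate and private key (TLSCertificateFile/TLSCertificateKeyFile) and "
                "that its cipher list overlaps what the client offers")
    elif alert == SSL_AD_HANDSHAKE_FAILURE:
        hint = ("peer sent a handshake_failure alert: the other side refused the handshake, "
                "so the real cause is in the peer's own log, not on this side")
    return SSLDiagnosis(side, code, m.group("func"), m.group("reason"), alert, hint)


def diagnose(lines: List[str]) -> List[SSLDiagnosis]:
    """Run parse_line over a log and keep only the lines that carried an error code."""
    return [d for d in (parse_line(l) for l in lines) if d is not None]


# Constructed sample: the post's own lines, with the mail's line wraps joined.
SAMPLE_LOG = [
    "459:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:470:",
    "463:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40",
    "TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:887",
    "connection_read(13): TLS accept error error=-1 id=3, closing",
]

if __name__ == "__main__":
    for d in diagnose(SAMPLE_LOG):
        print(f"[{d.side}] 0x{d.code:08X} {d.func}: {d.reason}"
              f"{'' if d.alert_number is None else f' (alert {d.alert_number})'}\n    -> {d.hint}")
```

Read side by side, the two hints point the same way: the client only learns that the server refused (alert 40), while the server's "no shared cipher" is the actual failure, which is why the slapd debug output, not the s_client output, is where to look.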