TLS still can't accept....ssl handshake problem
So I tried to troubleshoot somewhat more, and I'm getting into this problem...
slapd started with
/usr/depot/openldap/current/libexec/slapd -d 127 -u ldap -g ldap -h ldaps:/// -f /etc/depot/openldap/openldap/slapd.conf
From the client end, if I do an SSL check on the certs, I get
/usr/depot/openssl/current/bin/openssl s_client -connect needlefish.internal.foo.com:636 -showcerts -state -CAfile /etc/depot/openldap/certs/cacert.pem
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=US/ST=CA/L=Cupertino/O=foo/CN=needlefish.internal.foo.com
verify return:1
depth=0 /C=US/ST=CA/L=Cupertino/O=foo/CN=needlefish.internal.foo.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read finished A
25109:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
25109:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
2004.05.21-11:06:29 root@needlefish[3098]/etc/depot/openldap/openldap #
While on the server side, it shows
connection_get(10): got connid=1
connection_read(10): checking for input on id=1
tls_read: want=5, got=5
0000: 16 03 01 00 07 .....
tls_read: want=7, got=7
0000: 0b 00 00 03 00 00 00 .......
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 28 ......(
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:1999
connection_read(10): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=10 for close
connection_close: conn=1 sd=10
daemon: removing 10
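The hex dumps in the slapd trace above are enough to pin down what happened on the wire: the client's tls_read bytes are one TLS 1.0 handshake record carrying a Certificate message whose certificate list has length zero, and the server's tls_write bytes are a fatal alert with description 40 (handshake_failure). That matches the client-side "read server certificate request A" step and the server's "peer did not return a certificate" error: s_client was run without -cert/-key, so it answered the CertificateRequest with an empty chain, and a slapd that requires a client certificate (TLSVerifyClient demand in slapd.conf) refuses the handshake. The decoder below is an added example written for this post, not code from OpenLDAP or OpenSSL; the record bytes are copied from the trace above, and the one-certificate record used in the checks is constructed for illustration.

```python
"""Decode the raw TLS records printed by slapd's tls_read/tls_write trace.

Added example (not from the original post): a minimal TLS 1.0 record and
handshake decoder, enough to tell an empty client Certificate message and
the alert that answers it apart from the other handshake messages.
"""
from typing import Dict, List

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {
    0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
    12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done",
    15: "certificate_verify", 16: "client_key_exchange", 20: "finished",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 46: "certificate_unknown",
    48: "unknown_ca", 80: "internal_error",
}

# Copied from the trace above: the two tls_read chunks (5 + 7 bytes) form one
# record sent by the client; the tls_write chunk is the server's reply.
CLIENT_RECORD = bytes.fromhex("16 03 01 00 07 0b 00 00 03 00 00 00")
SERVER_RECORD = bytes.fromhex("15 03 01 00 02 02 28")


def _u24(b: bytes) -> int:
    """Big-endian 24-bit length field used throughout the TLS handshake layer."""
    return int.from_bytes(b, "big")


def parse_certificate_list(payload: bytes) -> List[bytes]:
    """Return the DER blobs in a TLS Certificate message body (may be empty)."""
    total = _u24(payload[0:3])
    blob = payload[3:3 + total]
    if len(blob) != total:
        raise ValueError("truncated certificate list")
    certs, pos = [], 0
    while pos < total:
        n = _u24(blob[pos:pos + 3])
        cert = blob[pos + 3:pos + 3 + n]
        if len(cert) != n:
            raise ValueError("truncated certificate entry")
        certs.append(cert)
        pos += 3 + n
    return certs


def parse_record(data: bytes) -> Dict[str, object]:
    """Decode one TLS record header plus the alert or handshake message it carries."""
    if len(data) < 5:
        raise ValueError("record header needs 5 bytes")
    ctype, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    rec: Dict[str, object] = {
        "content_type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
        "version": f"{major}.{minor}",  # 3.1 on the wire is TLS 1.0
        "length": length,
    }
    if ctype == 21 and length == 2:
        rec["alert_level"] = ALERT_LEVELS.get(body[0], f"unknown({body[0]})")
        rec["alert_number"] = body[1]
        rec["alert_description"] = ALERT_DESCRIPTIONS.get(body[1], f"unknown({body[1]})")
    elif ctype == 22:
        htype, hlen = body[0], _u24(body[1:4])
        payload = body[4:4 + hlen]
        if len(payload) != hlen:
            raise ValueError("truncated handshake message")
        rec["handshake_type"] = HANDSHAKE_TYPES.get(htype, f"unknown({htype})")
        if htype == 11:
            rec["certificate_count"] = len(parse_certificate_list(payload))
    return rec


def diagnose(client: bytes, server: bytes) -> str:
    """Summarise the exchange: did the client send an empty chain, and how did the server answer?"""
    c, s = parse_record(client), parse_record(server)
    if c.get("handshake_type") == "certificate" and c.get("certificate_count") == 0:
        if s.get("alert_description") == "handshake_failure":
            return "client sent an empty Certificate message; server rejected with fatal handshake_failure (alert 40)"
        return "client sent an empty Certificate message; server replied with " + str(s)
    return "no empty client certificate seen; client=" + str(c) + " server=" + str(s)


if __name__ == "__main__":
    print(parse_record(CLIENT_RECORD))
    print(parse_record(SERVER_RECORD))
    print(diagnose(CLIENT_RECORD, SERVER_RECORD))
```

Run it as-is to decode the two records from the trace; feeding it the bytes of a later tls_read line from a run where a client certificate was supplied (s_client -cert/-key, or TLS_CERT/TLS_KEY in ldap.conf) shows certificate_count going to 1 or more, which is the quickest way to confirm which side of the TLSVerifyClient requirement is the problem.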