[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS still can't accept....ssl handshake problem



so i tried to troubleshoot somewhat more..and i'm getting into this problem...

slapd started with 

/usr/depot/openldap/current/libexec/slapd -d 127 -u ldap -g ldap -h ldaps:/// -f /etc/depot/openldap/openldap/slapd.conf

from the client end..if i do a ssl check on the certs,i get

/usr/depot/openssl/current/bin/openssl s_client -connect needlefish.internal.foo.com:636 -showcerts -state -CAfile /etc/depot/openldap/certs/cacert.pem
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=US/ST=CA/L=Cupertino/O=foo/CN=needlefish.internal.foo.com
verify return:1
depth=0 /C=US/ST=CA/L=Cupertino/O=foo/CN=needlefish.internal.foo.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read finished A
25109:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
25109:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
2004.05.21-11:06:29 root@needlefish[3098]/etc/depot/openldap/openldap # 




while on the server side it shows

connection_get(10): got connid=1
connection_read(10): checking for input on id=1
tls_read: want=5, got=5
  0000:  16 03 01 00 07                                     .....             
tls_read: want=7, got=7
  0000:  0b 00 00 03 00 00 00                               .......           
tls_write: want=7, written=7
  0000:  15 03 01 00 02 02 28                               ......(           
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:1999
connection_read(10): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=10 for close
connection_close: conn=1 sd=10
daemon: removing 10