Re: solaris 8 client authentication to openldap (TLS issue)

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Friday, July 16, 2004 7:24 AM -0700 Lara Adianto 
<m1r4cle_26@yahoo.com> wrote:

> 1. in redhat linux:
> - openldap-2.1.30 (compiled with-tls, TLS/SSL
> connection has been tested with the ldapclient on the
> same machine)
> - openssl-0.9.6b

OpenSSL 0.9.6b has known security vulnerabilities, I don't suggest using it.



> TLS trace: SSL_accept:error in SSLv3 read client
> certificate A
> TLS: can't accept.
> TLS: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
> version number s3_pkt.c:297
> connection_read(10): TLS accept error error=-1 id=0,
> closing
> connection_closing: readying conn=0 sd=10 for close
> connection_close: conn=0 sd=10
> daemon: removing 10
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL

This is an OpenSSL problem, not an OpenLDAP problem.  It would be better to 
direct it to an OpenSSL related list.

See <http://www.openldap.org/lists/openldap-software/200405/msg00094.html> 
which shows the problem occurs below the OpenLDAP level.

I personally suggest you use the same version of OpenSSL everywhere 
(recompiling where necessary) and see if that fixes the problem.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html