Re: solaris 8 client authentication to openldap (TLS issue)
--On Friday, July 16, 2004 7:24 AM -0700 Lara Adianto <m1r4cle_26@yahoo.com> wrote:

> 1. in redhat linux:
> - openldap-2.1.30 (compiled with-tls, TLS/SSL connection has been tested with the ldapclient on the same machine)
> - openssl-0.9.6b

OpenSSL 0.9.6b has known security vulnerabilities; I don't suggest using it.

> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number s3_pkt.c:297
> connection_read(10): TLS accept error error=-1 id=0, closing
> connection_closing: readying conn=0 sd=10 for close
> connection_close: conn=0 sd=10
> daemon: removing 10
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL

This is an OpenSSL problem, not an OpenLDAP problem. It would be better to
direct it to an OpenSSL related list.
See <http://www.openldap.org/lists/openldap-software/200405/msg00094.html>
which shows the problem occurs below the OpenLDAP level.
I personally suggest you use the same version of OpenSSL everywhere
(recompiling where necessary) and see if that fixes the problem.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html