
Re: solaris 8 client authentication to openldap (TLS issue)



Yeah, it's an SSL problem.

Testing with openssl s_client / s_server using option
-ssl3 and -tls1 failed with the same error...

Looking at the source code in s3_pkt.c, it seems that the
error is caused by the client not using ssl3 or tls1 to
talk to the server. Not sure how to solve this
though...

Thanks anyway...
I know that this is not an OpenLDAP issue, but if anyone
in this mailing list has any input, I would really
appreciate it...

-lara-

--- Quanah Gibson-Mount <quanah@stanford.edu> wrote:
> 
> 
> --On Friday, July 16, 2004 7:24 AM -0700 Lara Adianto
> <m1r4cle_26@yahoo.com> wrote:
>
> > 1. in redhat linux:
> > - openldap-2.1.30 (compiled with-tls, TLS/SSL connection has been
> >   tested with the ldapclient on the same machine)
> > - openssl-0.9.6b
> 
> OpenSSL 0.9.6b has known security vulnerabilities, I
> don't suggest using it.
> 
> 
> 
> > TLS trace: SSL_accept:error in SSLv3 read client certificate A
> > TLS: can't accept.
> > TLS: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number s3_pkt.c:297
> > connection_read(10): TLS accept error error=-1 id=0, closing
> > connection_closing: readying conn=0 sd=10 for close
> > connection_close: conn=0 sd=10
> > daemon: removing 10
> > daemon: select: listen=6 active_threads=0 tvp=NULL
> > daemon: select: listen=7 active_threads=0 tvp=NULL
> > daemon: activity on 1 descriptors
> > daemon: select: listen=6 active_threads=0 tvp=NULL
> > daemon: select: listen=7 active_threads=0 tvp=NULL
> 
> This is an OpenSSL problem, not an OpenLDAP problem. It would be better to
> direct it to an OpenSSL related list.
>
> See
> <http://www.openldap.org/lists/openldap-software/200405/msg00094.html>
>
> which shows the problem occurs below the OpenLDAP level.
>
> I personally suggest you use the same version of OpenSSL everywhere
> (recompiling where necessary) and see if that fixes the problem.
> 
> --Quanah
> 
> 
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITSS/Shared Services
> Stanford University
> GnuPG Public Key:
> http://www.stanford.edu/~quanah/pgp.html
> 


=====
------------------------------------------------------------------------------------ 
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
                                                                        - Guy de Maupassant -
------------------------------------------------------------------------------------
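
Added example, not part of the original message and not OpenSSL's own code: a small C classifier for the first bytes a TLS listener receives, showing which openings are an SSLv3/TLS record (major version 3) and which are something else, the situation a "wrong version number" error points to. The function names are hypothetical and the sample byte strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* What the first bytes received on a TLS port look like. */
enum first_bytes { FB_TOO_SHORT, FB_SSL3_OR_TLS, FB_SSL2_HELLO,
                   FB_PLAIN_LDAP, FB_UNKNOWN };

/* Constructed samples (not captured traffic). */
static const unsigned char tls10_hello[] = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01 };
static const unsigned char ssl2_hello[]  = { 0x80, 0x2e, 0x01, 0x03, 0x01, 0x00 };
static const unsigned char ldap_bind[]   = { 0x30, 0x0c, 0x02, 0x01, 0x01, 0x60 };

/* Hypothetical helper: classify the opening bytes of a connection. */
enum first_bytes classify_first_bytes(const unsigned char *p, size_t n)
{
    if (n < 5)
        return FB_TOO_SHORT;
    /* SSLv3/TLS record header: type(1) major(1) minor(1) length(2).
       Content types are 20..23; SSLv3 is 3.0 and TLS 1.0 is 3.1. */
    if (p[0] >= 20 && p[0] <= 23 && p[1] == 3)
        return FB_SSL3_OR_TLS;
    /* SSLv2-format ClientHello: length with high bit set, then type 1. */
    if ((p[0] & 0x80) && p[2] == 1)
        return FB_SSL2_HELLO;
    /* Unencrypted LDAP: every LDAPMessage is a BER SEQUENCE (tag 0x30). */
    if (p[0] == 0x30)
        return FB_PLAIN_LDAP;
    return FB_UNKNOWN;
}

const char *first_bytes_name(enum first_bytes c)
{
    static const char *names[] = { "too short", "SSLv3/TLS record",
        "SSLv2-format ClientHello", "plain LDAP (no TLS)", "unknown" };
    return names[c];
}

int main(void)
{
    printf("tls10_hello: %s\n",
           first_bytes_name(classify_first_bytes(tls10_hello, sizeof tls10_hello)));
    printf("ssl2_hello:  %s\n",
           first_bytes_name(classify_first_bytes(ssl2_hello, sizeof ssl2_hello)));
    printf("ldap_bind:   %s\n",
           first_bytes_name(classify_first_bytes(ldap_bind, sizeof ldap_bind)));
    return 0;
}
```

Feeding it the first bytes from a packet capture of the failing connection shows whether the client opened with an SSLv3/TLS record at all.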


	
		