Re: solaris 8 client authentication to openldap (TLS issue)
Yeah, it's an SSL problem.
Testing with openssl s_client / s_server using the options
-ssl3 and -tls1 failed with the same error...
Looking at the source code in s3_pkt.c, it seems that the
error is caused by the client not using ssl3 or tls1 to
talk to the server. Not sure how to solve this
though..
Thanks anyway...
I know that this is not an openldap issue, but if anyone
on this mailing list has any input, I would really
appreciate it...
-lara-
--- Quanah Gibson-Mount <quanah@stanford.edu> wrote:
>
>
> --On Friday, July 16, 2004 7:24 AM -0700 Lara Adianto <m1r4cle_26@yahoo.com> wrote:
>
> > 1. in redhat linux:
> > - openldap-2.1.30 (compiled with-tls, TLS/SSL connection has been tested with the ldapclient on the same machine)
> > - openssl-0.9.6b
>
> OpenSSL 0.9.6b has known security vulnerabilities, I
> don't suggest using it.
>
>
>
> > TLS trace: SSL_accept:error in SSLv3 read client certificate A
> > TLS: can't accept.
> > TLS: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number s3_pkt.c:297
> > connection_read(10): TLS accept error error=-1 id=0, closing
> > connection_closing: readying conn=0 sd=10 for close
> > connection_close: conn=0 sd=10
> > daemon: removing 10
> > daemon: select: listen=6 active_threads=0 tvp=NULL
> > daemon: select: listen=7 active_threads=0 tvp=NULL
> > daemon: activity on 1 descriptors
> > daemon: select: listen=6 active_threads=0 tvp=NULL
> > daemon: select: listen=7 active_threads=0 tvp=NULL
>
> This is an OpenSSL problem, not an OpenLDAP problem.
> It would be better to
> direct it to an OpenSSL related list.
>
> See <http://www.openldap.org/lists/openldap-software/200405/msg00094.html>
> which shows the problem occurs below the OpenLDAP level.
>
> I personally suggest you use the same version of
> OpenSSL everywhere
> (recompiling where necessary) and see if that fixes
> the problem.
>
> --Quanah
>
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITSS/Shared Services
> Stanford University
> GnuPG Public Key:
> http://www.stanford.edu/~quanah/pgp.html
>
=====
------------------------------------------------------------------------------------
Life, you see, is never as good or as bad as one thinks
- Guy de Maupassant -
------------------------------------------------------------------------------------
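The "wrong version number" error in the quoted trace comes from the record layer reading a version field it does not expect. As an added example (not code from this thread, from OpenLDAP or from OpenSSL), the sketch below classifies the first bytes a client sends to a TLS port, which is one way to see what the client is actually speaking. The function names are hypothetical, the sample bytes are constructed, and the version test is a simplification of what a real record reader does.

```python
import struct

# Record-layer versions with major 3, the only ones an SSLv3/TLS record reader accepts.
TLS_VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def classify_first_bytes(data: bytes) -> str:
    """Say what protocol the first bytes of a client connection look like."""
    if len(data) < 5:
        return "too short to classify"
    # SSLv3/TLS record header: content type (1), version major.minor (2), length (2).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in CONTENT_TYPES and (major, minor) in TLS_VERSIONS:
        return f"{TLS_VERSIONS[(major, minor)]} record ({CONTENT_TYPES[ctype]}, {length} bytes)"
    # SSLv2-format ClientHello: length with the high bit set (2), message type 1, version (2).
    if data[0] & 0x80 and data[2] == 0x01:
        return f"SSLv2-format ClientHello, version {data[3]}.{data[4]}"
    # A BER SEQUENCE tag means an unencrypted LDAPMessage arrived on the TLS port.
    if data[0] == 0x30:
        return "plaintext LDAP, no TLS"
    return "not an SSLv3/TLS record"

def passes_version_check(data: bytes) -> bool:
    """Simplified form of the record-layer test (an assumption): version major must be 3."""
    return len(data) >= 5 and data[1] == 3

# Constructed sample inputs (not captured from the systems in the thread).
SAMPLES = {
    "tls1_hello": bytes.fromhex("160301002f010000"),
    "sslv2_hello": bytes.fromhex("802e0100020015"),
    "ldap_bind": bytes.fromhex("300c020101600702010304008000"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {classify_first_bytes(raw):40} version ok: {passes_version_check(raw)}")
```

Feeding it the first bytes from a packet capture of the failing client shows whether the client sent an SSLv3/TLS record at all before any cipher or certificate settings come into play.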