ssl and openldap
- To: openldap-software@OpenLDAP.org
- Subject: ssl and openldap
- From: Gustavo Rios <vieira.rios@gmail.com>
- Date: Sun, 9 Jan 2005 18:01:03 -0200
Hey list,
since my last posts I have made progress with the Netscape browser (it's
OK now). Anyhow, let's forget about Apache and this matter and keep
focused on SSL and OpenLDAP.
After having re-done my CA configuration I tried again to get SSL
working for OpenLDAP, but no success so far.
Starting OpenLDAP (slapd -d 7) I had the following:
...
...
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5, got=5
0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
0000: 02 33 .3
TLS trace: SSL3 alert read:fatal:decrypt error
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error /usr/src/lib/libssl/ssl/../src/ssl/s3_pkt.c:1052
connection_read(12): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=12 for close
connection_close: conn=1 sd=12
The program I used to try connecting was ldapsearch; its output was:
etosha$ ldapsearch -ZZ -x
ldap_start_tls: Connect error (-11)
additional info: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm
etosha$
Does anybody have any idea about what is going on?
My slapd.conf is:
TLSCACertificateFile /var/ca1/crt/ca.crt
TLSCertificateFile /var/ca1/crt/ldap.crt
TLSCertificateKeyFile /var/ca1/pvt/ldap.key
TLSVerifyClient never
My ldap.conf is:
TLS_CACERT /var/ca1/crt/ca.crt
Thanks a lot for your time and cooperation.
Best regards.
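An added diagnostic (not from the original post, and not part of OpenLDAP) for the three files a TLSCACertificateFile / TLSCertificateFile / TLSCertificateKeyFile block points at: it reports the signature algorithm of a certificate (an ASN1_verify "unknown message digest algorithm" error typically means the verifying side's OpenSSL does not know the digest the certificate was signed with), checks that the server certificate chains to the CA file, and checks that the private key belongs to the certificate. It builds a constructed throwaway CA and server certificate so it runs without the poster's files; the file names and subject names are assumptions.

```shell
#!/bin/sh
# Added diagnostic for a slapd.conf TLS block; requires the openssl CLI.
set -u

# Print the signature algorithm of a certificate, e.g. sha256WithRSAEncryption.
# Both slapd's and ldapsearch's OpenSSL must support this digest.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# Return 0 when the server certificate ($2) chains to the CA file ($1).
cert_chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Return 0 when the private key ($2) belongs to the certificate ($1),
# by comparing the public key embedded in each.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build a constructed sample PKI in directory $1 (CA plus a server cert
# signed by it) so the checks above can be exercised offline.
make_sample_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=sample-ca \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj /CN=ldap.example.test \
        -keyout "$d/ldap.key" -out "$d/ldap.csr" 2>/dev/null
    openssl x509 -req -in "$d/ldap.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -sha256 -out "$d/ldap.crt" 2>/dev/null
}

# Run all three checks against a CA file, a server cert and its key.
check_tls_files() {
    echo "CA signature:     $(cert_sigalg "$1")"
    echo "server signature: $(cert_sigalg "$2")"
    cert_chain_ok "$1" "$2" && echo "chain: ok" || echo "chain: FAILED"
    key_matches_cert "$2" "$3" && echo "key: matches" || echo "key: MISMATCH"
}
```

Against the poster's configuration the call would be `check_tls_files /var/ca1/crt/ca.crt /var/ca1/crt/ldap.crt /var/ca1/pvt/ldap.key`, run on both the server and the client host so that both OpenSSL builds are exercised.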