TLS not working for non-root user
Hello,
I'm having a problem where clients cannot connect via TLS when openldap is
started as the ldap user. Everything works perfectly when started as
root. The errors I'm getting are:
from openssl:
openssl s_client -connect localhost:636 -showcerts -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
8330:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure:s23_clnt.c:470:
from slapd:
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS: can't accept.
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
s3_srvr.c:887
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
daemon: removing 10
I've checked my permissions a thousand times and they're all set properly.
I'm using openldap 2.2.6, openssl 0.9.7d on a linux 2.6.5 kernel.
The problem I am having seems to have been encountered before here:
http://www.openldap.org/lists/openldap-software/200105/msg00563.html,
however there was not a response to this person's query.
Thanks,
Chris
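
A mechanical version of the permission check the post mentions, added here as an example and not part of the original message. It assumes the failure comes from the ldap user being unable to reach the certificate or key file, which the post does not confirm; the function names, script name and paths are hypothetical. It walks every parent directory as well as the file itself, since a missing search bit on a parent blocks access even when the file mode looks right.

```python
import os
import pwd
import sys

# Assumption (not confirmed by the post): the ldap user cannot reach the key or
# certificate file. Only classic mode bits are evaluated; ACLs, SELinux and
# capabilities are not.

def _allowed(st, uid, gids, want):
    """Unix rule: the first matching class (owner, group, other) decides."""
    if uid == 0:
        return True  # root bypasses mode bits, so a root-started slapd reads anything
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & want)

def blocking_components(path, uid, gids):
    """Return [(component, reason)] that stop uid/gids from reading path."""
    path = os.path.realpath(path)
    ancestors, parent = [], os.path.dirname(path)
    while True:
        ancestors.append(parent)
        if parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)
    blockers = []
    for d in reversed(ancestors):  # every directory on the way needs search (x)
        if not _allowed(os.stat(d), uid, gids, 0o1):
            blockers.append((d, "no search (x) permission"))
    if not _allowed(os.stat(path), uid, gids, 0o4):
        blockers.append((path, "no read (r) permission"))
    return blockers

if __name__ == "__main__":
    # Usage: check_tls_perms.py ldap /path/to/key.pem /path/to/cert.pem ...
    # (script name and paths are hypothetical)
    pw = pwd.getpwnam(sys.argv[1])
    gids = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    for f in sys.argv[2:]:
        for comp, why in blocking_components(f, pw.pw_uid, gids) or [(f, "ok")]:
            print(f"{f}: {comp}: {why}")
```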