[Date Prev][Date Next] [Chronological] [Thread] [Top]

Pls help: ldap_start_tls_s fails

To: openldap-software@OpenLDAP.org
Subject: Pls help: ldap_start_tls_s fails
From: "S.T." Wong <st@pegasus.itsc.cuhk.edu.hk>
Date: Sun, 3 Apr 2005 18:06:53 +0800 (EAT)

Hi all,

I wrote a simple program that calls ldap_start_s on an HP-UX 11.00 with OpenLDAP 2.1.29.  I put following lines in ldap.conf:

TLS_CACERT /usr/local/etc/openldap/cacert.pem
TLS_REQCERT allow

The program always fails with error: "ldap_start_tls failed: Connect error (91)". Ssldump on openldap server shows following:

---------------------------- cut here ------------------------

1 1  0.0462 (0.0462)  C>S SSLv2 compatible client hello
  Version 3.1 
  cipher suites
  Unknown value 0x39  
  Unknown value 0x38  
  Unknown value 0x35  
  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA  
  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA  
  TLS_RSA_WITH_3DES_EDE_CBC_SHA  
  SSL2_CK_3DES  
  Unknown value 0x33  
  Unknown value 0x32  
  Unknown value 0x2f  
  TLS_RSA_WITH_IDEA_CBC_SHA  
  SSL2_CK_IDEA  
  SSL2_CK_RC2  
  TLS_DHE_DSS_WITH_RC4_128_SHA  
  TLS_RSA_WITH_RC4_128_SHA  
  TLS_RSA_WITH_RC4_128_MD5  
  SSL2_CK_RC4  
  SSL2_CK_RC464  
  TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA  
  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA  
  TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5  
  TLS_DHE_RSA_WITH_DES_CBC_SHA  
  TLS_DHE_DSS_WITH_DES_CBC_SHA  
  TLS_RSA_WITH_DES_CBC_SHA  
  SSL2_CK_DES  
  TLS_DHE_DSS_WITH_RC2_56_CBC_SHA  
  TLS_RSA_EXPORT1024_WITH_RC4_56_SHA  
  TLS_RSA_EXPORT1024_WITH_RC4_56_MD5  
  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  
  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  
  TLS_RSA_EXPORT_WITH_DES40_CBC_SHA  
  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5  
  SSL2_CK_RC2_EXPORT40  
  TLS_RSA_EXPORT_WITH_RC4_40_MD5  
  SSL2_CK_RC4_EXPORT40  
1 2  0.0468 (0.0005)  S>C  Handshake
      ServerHello
        Version 3.1 
        session_id[32]=
          b9 09 75 14 9b 59 8c e9 4a 69 af 03 30 5e 8a 70 
          f2 66 f7 8a 8b 74 49 d1 d2 a3 e6 9a 8d 16 f2 bb 
        cipherSuite         TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compressionMethod                   NULL
1 3  0.0469 (0.0000)  S>C  Handshake
      Certificate
1 4  0.0469 (0.0000)  S>C  Handshake
      ServerHelloDone
1    0.0775 (0.0305)  C>S  TCP FIN
1    0.0777 (0.0002)  S>C  TCP FIN
---------------------------- cut here ------------------------

However, "ldapsearch -ZZ" on the same client machine works.  Same results 
obtained when I tried different LDAP servers (OpenLDAP and SunDS).

Please help.  Thanks a lot.

/ST Wong

Prev by Date: RE: Pls help: ldap_start_tls_s fails
Next by Date: Re: using syncrepl for master slave relationship not working
Index(es):
- Chronological
- Thread