Re-2: SSL problem with self-compiled client
> >so I think that the certificates are right.
>
> You should use OpenSSL s_client/s_server to confirm that
> the certificates are right.
I don't know much about SSL, but to me it looks OK; see below.
But if I start slapd and call s_client, it looks strange:
Server:
-------
slapd -d1 -h "ldaps:///"
[...]
ldap_pvt_gethostbyname_a: host=virtlab, r=0
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ber_scanf fmt (m) ber:
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
TLS certificate verification: depth: 0, err: -49, subject: -unknown-, issuer: -unknown-
TLS certificate verification: Error, Unknown error
connection_read(11): unable to get TLS client DN error=49 id=0
Client:
-------
pemds:~/win/cccd/trunk/sslkeys/ldap/tmp$ openssl s_client -host virtlab -port 636 -showcerts -state -CAfile cacert.p
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=virtlab.gdsys.de
verify return:1
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=virtlab.gdsys.de
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
[...]
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=virtlab.gdsys.de
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=virtlab.gdsys.de
---
No client certificate CA names sent
---
SSL handshake has read 1494 bytes and written 308 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: C5FB5A8D6A802A83C94C2BC409FD191D2E930ED6B6619F02D6757CFA13CAB54A
Session-ID-ctx:
Master-Key: A1CD989334CC17C51E4006ADBD392617869497DDDE9BEC2C280EECD6B219AAB6D811C70A09E03DBAB9C3BCE1B7BC982C
Key-Arg : None
Start Time: 1114773853
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
SSL3 alert read:warning:bad certificate
Any idea what's wrong?
Thanks -
Dirk
-----------------------
server-host> openssl s_server -cert slapd_cert.pem -key slapd_key.pem
client-host> openssl s_client -host virtlab -showcerts -state -CAfile cacert.pem
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=virtlab.gdsys.de
verify return:1
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=virtlab.gdsys.de
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
[...]
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=virtlab.gdsys.de
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=virtlab.gdsys.de
---
No client certificate CA names sent
---
SSL handshake has read 1238 bytes and written 276 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 14CD8B9414043AC68E56A9CE4FD114F36833F1461F5ECEBA6E48A0975AB50CA1
Session-ID-ctx:
Master-Key: EC42374C9236E8C6D61C7D60FD96D92823BF00D368494AB2877866FE9F67F0DD58027849D317983619D36274EC2FD7AA
Key-Arg : None
Start Time: 1114773372
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
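The s_client/s_server cross-check suggested in the reply, scripted so that it can be repeated against any CA file and server certificate pair. This is an added example, not code from the thread: it builds a throwaway CA plus a server certificate in a temporary directory (the "Example Lab" DNs, the file names slapd_cert.pem/slapd_key.pem/ca.crt/rogue.crt and the loopback port are all constructed for the demonstration, and the openssl command-line tool is assumed to be installed). Alongside the properly signed certificate it also creates a self-signed certificate that merely copies the CA's subject DN, to show that an "issuer=" line which names the right CA proves nothing until `openssl verify` confirms the signature against the CA file actually handed to the client.

```sh
#!/bin/sh
# Added example, not part of the original mailing-list post.
# Assumes the openssl CLI; all names, DNs and the port below are constructed.

# Build a throwaway PKI in a temp dir: a CA, a server cert signed by that CA,
# and a self-signed cert that only copies the CA's subject DN.
make_test_pki() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/O=Example Lab/CN=Example Lab CA" \
            -keyout ca.key -out ca.crt >/dev/null 2>&1 || exit 1
        openssl req -newkey rsa:2048 -nodes \
            -subj "/O=Example Lab/CN=ldap.example.test" \
            -keyout slapd_key.pem -out slapd.csr >/dev/null 2>&1 || exit 1
        openssl x509 -req -days 1 -in slapd.csr \
            -CA ca.crt -CAkey ca.key -CAcreateserial \
            -out slapd_cert.pem >/dev/null 2>&1 || exit 1
        # Same DN as the CA, but self-signed: no chain to ca.crt exists.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/O=Example Lab/CN=Example Lab CA" \
            -keyout rogue.key -out rogue.crt >/dev/null 2>&1 || exit 1
    ) || return 1
    echo "$dir"
}

# Offline check: does the CA file really vouch for the certificate?
verify_chain() {   # verify_chain CAFILE CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Issuer DN as the certificate states it (what s_client prints as "issuer=").
issuer_of() {      # issuer_of CERT
    openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//'
}

# Live check: s_server on the cert/key, then s_client against the CA file.
# -verify_return_error makes s_client abort the handshake on a verify error
# instead of continuing and merely printing "Verify return code: N".
handshake_check() {   # handshake_check CAFILE CERT KEY PORT
    openssl s_server -accept "$4" -cert "$2" -key "$3" -quiet >/dev/null 2>&1 &
    srv=$!
    sleep 1
    openssl s_client -connect "127.0.0.1:$4" -CAfile "$1" \
        -verify_return_error </dev/null >/dev/null 2>&1
    rc=$?
    kill "$srv" 2>/dev/null
    wait "$srv" 2>/dev/null
    return $rc
}

demo() {
    pki=$(make_test_pki) || { echo "PKI setup failed"; return 1; }
    port=$((20000 + $$ % 10000))
    # Both certificates name the same issuer DN; only one is signed by ca.crt.
    for cert in slapd_cert.pem rogue.crt; do
        if verify_chain "$pki/ca.crt" "$pki/$cert"; then
            echo "$cert: chain OK        (issuer: $(issuer_of "$pki/$cert"))"
        else
            echo "$cert: NOT signed by ca.crt (issuer: $(issuer_of "$pki/$cert"))"
        fi
    done
    if handshake_check "$pki/ca.crt" "$pki/slapd_cert.pem" "$pki/slapd_key.pem" "$port"; then
        echo "s_client handshake against slapd_cert.pem: verified"
    else
        echo "s_client handshake against slapd_cert.pem: FAILED"
    fi
    rm -rf "$pki"
}

case "${1:-}" in demo) demo ;; esac
```

Run it as `sh check_certs.sh demo`. To check a real deployment, call `verify_chain` with the CA file the clients are configured with and the certificate slapd serves, and `handshake_check` with the same files; a handshake that only "works" because the client never verified the chain is exactly what `-verify_return_error` is there to expose.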