
Re: Solaris 10 native Client with TLS to OpenLDAP



On Mon, Oct 13, 2008 at 12:16:55PM +0200, John Gee wrote:
> I will try it later today with a new CA, but I think the problems must be in
> ldapclient (SUNWlldap) or inside certutil.

I recreated the complete CA and server certs, and
recreated the nss-db on the client site, and it works now. I don't know why, but it
works ;)

TLS/SSL
	connection_get(11): got connid=13
	connection_read(11): checking for input on id=13
	TLS trace: SSL_accept:before/accept initialization
	TLS trace: SSL_accept:SSLv3 read client hello A
	TLS trace: SSL_accept:SSLv3 write server hello A
	TLS trace: SSL_accept:SSLv3 write certificate A
	TLS trace: SSL_accept:SSLv3 write server done A
	TLS trace: SSL_accept:SSLv3 flush data
	TLS trace: SSL_accept:error in SSLv3 read client certificate A
	TLS trace: SSL_accept:error in SSLv3 read client certificate A
	connection_get(11): got connid=13
	connection_read(11): checking for input on id=13
	TLS trace: SSL_accept:SSLv3 read client key exchange A
	TLS trace: SSL_accept:SSLv3 read finished A
	TLS trace: SSL_accept:SSLv3 write change cipher spec A
	TLS trace: SSL_accept:SSLv3 write finished A
	TLS trace: SSL_accept:SSLv3 flush data
	connection_read(11): unable to get TLS client DN, error=49 id=13
	connection_get(11): got connid=13
	connection_read(11): checking for input on id=13

And here is the part that didn't work before:
	ber_get_next
	ber_get_next: tag 0x30 len 61 contents:
	ber_get_next
	conn=13 op=0 do_bind
	ber_scanf fmt ({imt) ber:
	ber_scanf fmt (m}) ber:
	>>> dnPrettyNormal: <cn=proxyAgent,ou=profile,o=kleinfeld,c=ch>

Thanks for your help Dieter

Regards
John