slapd + tls problem
- To: openldap-technical@openldap.org
- Subject: slapd + tls problem
- From: Alessandro Baggi <alessandro.baggi@gmail.com>
- Date: Sun, 14 Jun 2009 20:31:04 +0200
- User-agent: Thunderbird 2.0.0.12 (X11/20080213)
Hi there. I have a problem setting up SLAPD + TLS and libnss-ldap. When I
try to get the passwd entry with getent passwd I get the following error:
TLS: can't accept: A record packet with illegal version was received..
connection_read(13): TLS accept failure error=-1 id=18, closing
Is this a certificate problem or a libnss-ldap configuration problem? I've
also tested slapd and TLS with gnutls-cli and openssl s_client and they
complete the test successfully. I've also tested my certificate with openssl
verify, and this test also completed successfully. My
nsswitch.conf is configured with files and ldap.
Then, I created my certificate with the following commands:
# /usr/lib/ssl/misc/CA.pl -newca    /* to create the CA certificate and key */
# openssl req -newkey rsa:1024 -nodes -keyout key.pem -out newreq.pem    /* for server/client certificate building and signing */
# /usr/lib/ssl/misc/CA.pl -sign
I've tried using only OpenSSL with slapd and everything works very well, but not
with GnuTLS. My system is Debian Lenny.
Is there something wrong in the certificate creation?
What is the meaning of "A record packet with illegal version was received"?
Is this a bug or a configuration mismatch?
Thanks in advance.
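
Added example (not part of the original message, and not GnuTLS's own code): the error text in the log refers to the version field of the 5-byte TLS record header that a TLS listener reads first on every connection. The sketch below parses that header and classifies a few constructed byte strings; the function name and all sample bytes are assumptions made for illustration.

```python
import struct

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a TLS listener reads from a new connection."""
    if len(data) < 5:
        return "too short"
    # Record header layout: type (1 byte), version major/minor (2), length (2)
    ctype, major, minor, _length = struct.unpack("!BBBH", data[:5])
    if ctype in TLS_CONTENT_TYPES:
        if major == 3 and minor <= 3:
            return "tls record (version 3.%d)" % minor
        return "tls-like record with illegal version %d.%d" % (major, minor)
    # SSLv2-style hello: high bit set in the length byte, message type 1
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-style client hello"
    # An unencrypted LDAP message is a BER SEQUENCE and starts with 0x30
    if data[0] == 0x30:
        return "plaintext ldap (BER SEQUENCE), not TLS"
    return "unknown"


# Constructed sample inputs (not captured from the poster's system)
SAMPLES = {
    "tls10_hello": bytes.fromhex("160301002f01"),
    "bad_version": bytes.fromhex("1602000005"),
    "sslv2_hello": bytes.fromhex("802e010301"),
    # Anonymous LDAPv3 simple bind sent without TLS
    "ldap_bind": bytes.fromhex("300c020101600702010304008000"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print("%-12s %s" % (name, classify_first_bytes(raw)))
```

Running the first bytes a client actually sends to the slapd port through a check like this shows whether that client is speaking TLS on the port at all, or sending something the record layer cannot accept.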