[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with ldaps:// when switching from 2.3 to 2.4

To: Mathias Gug <mathiaz@ubuntu.com>
Subject: Re: Problem with ldaps:// when switching from 2.3 to 2.4
From: Tomasz Welman <tomasz.welman@pl.ibm.com>
Date: Fri, 13 Nov 2009 08:22:39 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <20091112171118.GJ2762@mathias-10v.mathiaz.net>
References: <OF514EFAD5.DD2CCE27-ONC1257669.0041D9EA-C1257669.0042BDC0@pl.ibm.com> <E62FFAC765F6B0B32046FF51@192.168.1.199> <OF167D160F.489F928D-ONC125766A.002C46D9-C125766A.002D58A2@pl.ibm.com> <cb69cb8f0911101651n65a230b2s43e83b9f3ac0b5c4@mail.gmail.com> <OFA3A039B1.E9A40175-ONC125766C.002C80FF-C125766C.002D85EB@pl.ibm.com> <20091112171118.GJ2762@mathias-10v.mathiaz.net>

Mathias Gug <mathiaz@ubuntu.com> wrote on 11/12/2009 06:13:29 PM: > Mathias Gug <mathiaz@ubuntu.com>
> 11/12/2009 06:13 PM
> > To
> > Tomasz Welman/Poland/IBM@IBMPL
> > cc
> > openldap-technical@openldap.org
> > Subject
> > Re: Problem with ldaps:// when switching from 2.3 to 2.4
> > On Thu, Nov 12, 2009 at 09:17:12AM +0100, Tomasz Welman wrote: > [...] > > > TLS: can't connect: Decryption has failed.. > > ldap_err2string > > ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) > > > > > > The gnutls-cli I've launched 3 times and the error messages differ, look: > > > > [root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p > > 636 bluepages.ibm.com > > Processed 1 CA certificate(s). > > Resolving 'bluepages.ibm.com'... > > Connecting to '9.17.186.253:636'... > > > > *** Fatal error: A TLS packet with unexpected length was received. > > *** Handshake has failed > > GNUTLS ERROR: A TLS packet with unexpected length was received. > > > > [root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p > > 636 bluepages.ibm.com > > Processed 1 CA certificate(s). > > Resolving 'bluepages.ibm.com'... > > Connecting to '9.17.186.253:636'... > > > > *** Fatal error: A TLS packet with unexpected length was received. > > *** Handshake has failed > > GNUTLS ERROR: A TLS packet with unexpected length was received. > > > > [root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p > > 636 bluepages.ibm.com > > Processed 1 CA certificate(s). > > Resolving 'bluepages.ibm.com'... > > Connecting to '9.17.186.253:636'... > > *** Fatal error: Decryption has failed. > > *** Handshake has failed > > GNUTLS ERROR: Decryption has failed. > > > > Seems like there is an error with the gnutls library rather than openldap. > Could you try to connect to the server with openssl s_client instead of > gnutls-cli? >
I did it in order to get this bp.cert. It's working perfectly.

What should I do now?

--
Tomasz 'Trog' Welman
Software Developer
external: 48-12-628-9449
ITN: 34819449
T/L: 9449

IBM SWG Lab, Krakow, Poland
IBM Polska Sp. z o.o. oddział w Krakowie
ul. Armii Krajowej 18 30 -150 Kraków
NIP: 526-030-07-24, KRS 0000012941
Kapitał zakładowy: 33.000.000 PLN

References:
- Problem with ldaps:// when switching from 2.3 to 2.4
  - From: Tomasz Welman <tomasz.welman@pl.ibm.com>
- Re: Problem with ldaps:// when switching from 2.3 to 2.4
  - From: Tomasz Welman <tomasz.welman@pl.ibm.com>
- Re: Problem with ldaps:// when switching from 2.3 to 2.4
  - From: Mathias Gug <mathiaz@ubuntu.com>
- Re: Problem with ldaps:// when switching from 2.3 to 2.4
  - From: Tomasz Welman <tomasz.welman@pl.ibm.com>
- Re: Problem with ldaps:// when switching from 2.3 to 2.4
  - From: Mathias Gug <mathiaz@ubuntu.com>

Prev by Date: Re: logging question - source of queries
Next by Date: unique overlay
Index(es):
- Chronological
- Thread