TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
- To: openldap-technical@openldap.org
- Subject: TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
- From: Martin Jungowski <martin@rhm.de>
- Date: Wed, 15 Dec 2010 22:27:23 +0000 (UTC)
- User-agent: Pan/0.133 (House of Butterflies)
Hi everybody,
I'm trying to run OpenLDAP 2.2.13 on a CentOS 4.8 box with TLS/SSL
enabled. The certificate should be OK (FQDN set as common name!), self-signed
since I can't copy a cacert file to all clients that will one day have to
connect to the server (among others a few iPhones).
"openssl x509 -in slapd.pem -noout -text" returns the correct contents
of the certificate, and "openssl s_client -connect localhost:636 -showcerts"
works too (although it does hang at the end right after "---", which I
guess is normal... I haven't left it running for 300 seconds yet). However,
whenever I try to connect to my LDAP server through port 636 I get the
above error message. The full message when performing "ldapsearch -x -h
localhost:636 -b dc=home" (no difference if I replace localhost with the
FQDN):
> daemon: activity on 1 descriptors
> daemon: new connection on 10
> daemon: added 10r
> daemon: activity on:
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: activity on: 10r
> daemon: read activity on 10
> connection_get(10): got connid=7
> connection_read(10): checking for input on id=7
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
> TLS: can't accept.
> TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:580
> connection_read(10): TLS accept error error=-1 id=7, closing
> connection_closing: readying conn=7 sd=10 for close
> connection_close: conn=7 sd=10
> daemon: removing 10
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL
Same error message when trying to connect with jxplorer or Thunderbird.
Any ideas what else I could try? I've tried various ways of creating a
certificate, including both the CentOS recommended "make slapd.pem" in
/usr/share/ssl/certs and the "openssl" way but neither made any
difference. They all resulted in the exact same error pattern. Frankly,
I'm out of ideas.
Thanks in advance,
Martin
--
Rieke Computersysteme GmbH
Hellerholz 5
D-82061 Neuried
Email: martin[at]rhm[dot]de
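The "unknown protocol" from SSL23_GET_CLIENT_HELLO means the first bytes slapd read on port 636 were neither a TLS record nor an SSLv2-style hello; a plaintext LDAP request arriving on the TLS port (what a client sends when it connects to host:636 without an ldaps:// URI or StartTLS) produces exactly that. The following Python is an added example, not from this thread or from OpenLDAP, that classifies such first bytes over constructed samples so the two cases can be told apart in a capture.

```python
# Added example (not from the thread): classify the first bytes a port-636
# listener receives, the way slapd's SSL_accept has to. OpenSSL's SSL23
# code accepts an SSLv3/TLS record or an SSLv2-style hello; anything else
# (here: a BER-encoded plaintext LDAP message) yields "unknown protocol".

# LDAP protocolOp tags (LDAPMessage CHOICE, APPLICATION class)
LDAP_OPS = {0x60: "bindRequest", 0x63: "searchRequest", 0x42: "unbindRequest"}

def classify_first_bytes(data: bytes) -> str:
    """Return what the first bytes on the socket look like."""
    if len(data) < 3:
        return "too-short"
    if data[0] == 0x16 and data[1] == 0x03:
        # TLS record header: handshake content type (0x16), version 3.x
        return "tls-client-hello"
    if data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-compatible hello: 2-byte length with high bit set,
        # followed by message type CLIENT-HELLO (1)
        return "sslv2-client-hello"
    if data[0] == 0x30:
        # BER SEQUENCE: an LDAPMessage, i.e. plaintext LDAP on the TLS port
        return "plaintext-ldap"
    return "unknown"

def ldap_summary(data: bytes) -> dict:
    """Decode the outer LDAPMessage of a plaintext request (short-form BER
    lengths only) into its messageID and protocolOp name."""
    assert data[0] == 0x30 and data[1] < 0x80, "not a short-form LDAPMessage"
    assert data[2] == 0x02, "messageID must be an INTEGER"
    id_len = data[3]
    message_id = int.from_bytes(data[4:4 + id_len], "big")
    op_tag = data[4 + id_len]
    return {"messageID": message_id, "protocolOp": LDAP_OPS.get(op_tag, hex(op_tag))}

def diagnose(data: bytes) -> str:
    """One-line verdict for a captured first segment."""
    kind = classify_first_bytes(data)
    if kind == "plaintext-ldap":
        s = ldap_summary(data)
        return (f"plaintext LDAP {s['protocolOp']} (msgid {s['messageID']}) "
                "on TLS port: SSL_accept reports unknown protocol")
    if kind.endswith("hello"):
        return f"{kind}: SSL_accept can proceed"
    return f"{kind}: SSL_accept fails"

# Constructed samples (not captured from the poster's system):
# anonymous LDAPv3 simple bind, as a non-TLS "ldapsearch -x" session opens with
PLAIN_BIND = bytes.fromhex("300c0201016007020103040080 00".replace(" ", ""))
TLS_HELLO = bytes.fromhex("160301002a0100002603")   # TLS 1.0 record + ClientHello
SSLV2_HELLO = bytes.fromhex("802e010301")           # SSLv2 hello hdr, version 3.1

if __name__ == "__main__":
    for sample in (PLAIN_BIND, TLS_HELLO, SSLV2_HELLO):
        print(diagnose(sample))
```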