[Fedora-directory-users] client problems with ssl and tls

Marco Strullato marco.strullato at gmail.com
Fri Sep 7 08:10:58 UTC 2007


Hi all!
I have a problem with LDAP and SSL:
I set up the Fedora Directory Server with SSL following this link:
http://directory.fedoraproject.org/wiki/Howto:SSL

The problem is client authentication: I mean when I do an ldapsearch I get
"SSL connection already established" but I don't have any other connection
between client and server (checked with netstat).

What do you suggest?

Thanks

Marco

Logs from the FDS server are:
[07/Sep/2007:10:04:09 +0200] conn=10 fd=68 slot=68 SSL connection from <ip_src> to <ip_dst>
[07/Sep/2007:10:04:09 +0200] conn=10 SSL 256-bit AES
[07/Sep/2007:10:04:09 +0200] conn=10 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/Sep/2007:10:04:09 +0200] conn=10 op=0 RESULT err=1 tag=120 nentries=0 etime=0
[07/Sep/2007:10:04:09 +0200] conn=10 op=-1 fd=68 closed - B1

from client:
ldap_create
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldaps_vm02_admin:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying <ip_server>:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject: /C=IT/O=<......>
TLS certificate verification: depth: 0, err: 0, subject: /C=IT/O=<......>
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush: 31 bytes to sd 3
ldap_result ld 0x80bc048 msgid 1
ldap_chkResponseList ld 0x80bc048 msgid 1 all 1
ldap_chkResponseList returns ld 0x80bc048 NULL
wait4msg ld 0x80bc048 msgid 1 (infinite timeout)
wait4msg continue ld 0x80bc048 msgid 1 all 1
** ld 0x80bc048 Connections:
* host: ldaps_vm02_admin  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Fri Sep  7 10:05:20 2007

** ld 0x80bc048 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x80bc048 Response Queue:
   Empty
ldap_chkResponseList ld 0x80bc048 msgid 1 all 1
ldap_chkResponseList returns ld 0x80bc048 NULL
ldap_int_select
read1msg: ld 0x80bc048 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 71 contents:
read1msg: ld 0x80bc048 msgid 1 message type extended-result
ber_scanf fmt ({eaa) ber:
read1msg: ld 0x80bc048 0 new referrals
read1msg:  mark request completed, ld 0x80bc048 msgid 1
request done: ld 0x80bc048 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_extended_result
ber_scanf fmt ({eaa) ber:
ber_scanf fmt (a) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_perror
ldap_start_tls: Operations error (1)
        additional info: SSL connection already established
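
The server log above pairs an "SSL connection" on conn=10 with a startTLS extended operation that is answered with err=1. As an added example (not part of the original message and not Fedora Directory Server code), this Python script flags that pattern in an access log, including records a mail client has wrapped; the addresses and the conn=11 lines are constructed, and the function names are hypothetical.

```python
import re

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # OID the server logs for startTLS

# Constructed sample: conn=10 mirrors the post's server log (mail-wrapped lines
# kept, placeholder addresses); conn=11 is an invented plain-LDAP connection.
SAMPLE_LOG = """\
[07/Sep/2007:10:04:09 +0200] conn=10 fd=68 slot=68 SSL connection from
192.0.2.10 to 192.0.2.20
[07/Sep/2007:10:04:09 +0200] conn=10 SSL 256-bit AES
[07/Sep/2007:10:04:09 +0200] conn=10 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
name="startTLS"
[07/Sep/2007:10:04:09 +0200] conn=10 op=0 RESULT err=1 tag=120 nentries=0
etime=0
[07/Sep/2007:10:04:09 +0200] conn=10 op=-1 fd=68 closed - B1
[07/Sep/2007:10:05:00 +0200] conn=11 fd=69 slot=69 connection from 192.0.2.10 to 192.0.2.20
[07/Sep/2007:10:05:00 +0200] conn=11 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/Sep/2007:10:05:00 +0200] conn=11 op=0 RESULT err=0 tag=120 nentries=0 etime=0
"""

LINE_RE = re.compile(r"^\[[^\]]+\]\s+conn=(\d+)\s+(.*)$", re.M)
OP_RE = re.compile(r"^op=(-?\d+)\s+(EXT|RESULT)\b(.*)$")


def unwrap(text):
    """Rejoin records a mail client wrapped: every real record starts with '['."""
    return re.sub(r"\n(?!\[)", " ", text)


def find_starttls_on_ssl(text):
    """Return (conn, op, err) for each StartTLS sent on an already-SSL connection."""
    ssl_conns, pending, findings = set(), set(), []
    for m in LINE_RE.finditer(unwrap(text)):
        conn, rest = int(m.group(1)), m.group(2)
        om = OP_RE.match(rest)
        if "SSL connection from" in rest:
            ssl_conns.add(conn)  # TLS negotiated at connect time (LDAPS port)
        if not om:
            continue
        key, kind, body = (conn, int(om.group(1))), om.group(2), om.group(3)
        if kind == "EXT" and f'oid="{STARTTLS_OID}"' in body:
            pending.add(key)  # remember the request until its RESULT arrives
        elif kind == "RESULT" and key in pending:
            pending.discard(key)
            err = re.search(r"\berr=(\d+)", body)
            if conn in ssl_conns:
                findings.append((*key, int(err.group(1)) if err else None))
    return findings
```

On the sample, only conn=10 is reported; the constructed conn=11 issues StartTLS on a connection that did not start as SSL and is not flagged.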