Problem with openldap + ssl

Petr Vyhnal konfera at simerion.net
Wed Apr 20 21:59:27 CEST 2005


Hello,

I finally got around to the long-planned LDAP rollout. Everything seems 
to be running as it should, except that I cannot establish access over SSL. 
It always ends with "tls_read: want=5 error=Resource temporarily unavailable" 
and I can't figure out why. Has anyone run into this?

Thanks, Rudiik

OpenLDAP 2.1.25-6mdk
OpenSSL 0.9.7c-3.1.100mdk

TLS/SSL settings in slapd.conf:

TLSCipherSuite          HIGH:MEDIUM:+SSLv3
TLSCertificateFile      /etc/ssl/openldap/cert.pem
TLSCertificateKeyFile   /etc/ssl/openldap/key.pem
TLSCACertificateFile    /etc/ssl/cacert.pem
TLSVerifyClient never

log when connecting over ssl:

connection_get(15)
connection_get(15): got connid=1
connection_read(15): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
  0000:  80 4c 01 03 01 00 33 00  00 00 10                  .L....3....
tls_read: want=67, got=67
  0000:  00 00 04 00 00 05 00 00  0a 01 00 80 07 00 c0 03   ................
  0010:  00 80 00 00 09 06 00 40  00 00 64 00 00 62 00 00   .......@..d..b..
  0020:  03 00 00 06 02 00 80 04  00 80 00 00 13 00 00 12   ................
  0030:  00 00 63 c9 d6 b6 b6 25  b6 d7 d9 20 a4 06 a1 ba   ..c....%... ....
  0040:  c6 a6 4c                                           ..L
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=1168, written=1168
  0000:  16 03 01 00 4a 02 00 00  46 03 01 42 66 b1 75 a7   ....J...F..Bf.u.
  ...
  0480:  99 3e 1f bf 68 16 ad 16  03 01 00 04 0e 00 00 00   .>..h...........
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: select: listen=10 active_threads=0 tvp=NULL
daemon: select: listen=11 active_threads=0 tvp=NULL
daemon: select: listen=12 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 15r
daemon: read activity on 15
connection_get(15)
connection_get(15): got connid=1
connection_read(15): checking for input on id=1
tls_read: want=5, got=0

TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
connection_read(15): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=15 for close
connection_close: conn=1 sd=15
daemon: removing 15
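
For reading the first two tls_read dumps in the log above, an added example (not part of the original post) that parses them as an SSLv2-compatible ClientHello, the format described in RFC 2246 Appendix E. The function and variable names are hypothetical; the bytes are copied from the log.

```python
import struct

# Bytes copied from the first two tls_read dumps in the log (11 + 67 bytes).
CLIENT_HELLO = bytes.fromhex(
    "80 4c 01 03 01 00 33 00 00 00 10"
    "00 00 04 00 00 05 00 00 0a 01 00 80 07 00 c0 03"
    "00 80 00 00 09 06 00 40 00 00 64 00 00 62 00 00"
    "03 00 00 06 02 00 80 04 00 80 00 00 13 00 00 12"
    "00 00 63 c9 d6 b6 b6 25 b6 d7 d9 20 a4 06 a1 ba"
    "c6 a6 4c"
)

def parse_v2_client_hello(data):
    """Parse an SSLv2-format ClientHello (hypothetical helper for this example)."""
    (hdr,) = struct.unpack_from(">H", data, 0)
    if not hdr & 0x8000:
        raise ValueError("not a 2-byte SSLv2 record header")
    length = hdr & 0x7FFF              # low 15 bits are the record length
    body = data[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated record")
    # msg_type, version major/minor, then three 16-bit length fields.
    msg_type, major, minor, cs_len, sid_len, ch_len = struct.unpack_from(
        ">BBBHHH", body, 0)
    if msg_type != 1:
        raise ValueError("not a ClientHello")
    if cs_len % 3 or 9 + cs_len + sid_len + ch_len != length:
        raise ValueError("inconsistent length fields")
    tls_suites, ssl2_specs = [], []
    for i in range(9, 9 + cs_len, 3):
        spec = body[i:i + 3]
        if spec[0] == 0:               # 00 xx yy carries an SSLv3/TLS suite id
            tls_suites.append(int.from_bytes(spec[1:], "big"))
        else:                          # anything else is an SSLv2-only cipher kind
            ssl2_specs.append(spec.hex())
    return {
        "version": (major, minor),
        "session_id_len": sid_len,
        "tls_suites": tls_suites,
        "ssl2_specs": ssl2_specs,
        "challenge": body[9 + cs_len + sid_len:],
    }

if __name__ == "__main__":
    hello = parse_v2_client_hello(CLIENT_HELLO)
    print("offered version:", "%d.%d" % hello["version"])
    print("SSLv3/TLS suites:", ["0x%04x" % s for s in hello["tls_suites"]])
    print("SSLv2-only specs:", hello["ssl2_specs"])
    print("challenge:", hello["challenge"].hex())
```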


