Problem with openldap + ssl
Petr Vyhnal
konfera at simerion.net
Wed Apr 20 21:59:27 CEST 2005
Hi there,
I finally got around to the long-planned rollout of LDAP. Everything seems
to be running as it should, except that I cannot establish access over SSL.
It always ends at "tls_read: want=5 error=Resource temporarily unavailable"
and I can't figure out why. Has anyone run into this?
Thanks, Rudiik
OpenLDAP 2.1.25-6mdk
OpenSSL 0.9.7c-3.1.100mdk
TLS/SSL settings in slapd.conf:
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCertificateFile /etc/ssl/openldap/cert.pem
TLSCertificateKeyFile /etc/ssl/openldap/key.pem
TLSCACertificateFile /etc/ssl/cacert.pem
TLSVerifyClient never
log when connecting over ssl:
connection_get(15)
connection_get(15): got connid=1
connection_read(15): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
0000: 80 4c 01 03 01 00 33 00 00 00 10 .L....3....
tls_read: want=67, got=67
0000: 00 00 04 00 00 05 00 00 0a 01 00 80 07 00 c0 03 ................
0010: 00 80 00 00 09 06 00 40 00 00 64 00 00 62 00 00 .......@..d..b..
0020: 03 00 00 06 02 00 80 04 00 80 00 00 13 00 00 12 ................
0030: 00 00 63 c9 d6 b6 b6 25 b6 d7 d9 20 a4 06 a1 ba ..c....%... ....
0040: c6 a6 4c ..L
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=1168, written=1168
0000: 16 03 01 00 4a 02 00 00 46 03 01 42 66 b1 75 a7 ....J...F..Bf.u.
...
0480: 99 3e 1f bf 68 16 ad 16 03 01 00 04 0e 00 00 00 .>..h...........
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: select: listen=10 active_threads=0 tvp=NULL
daemon: select: listen=11 active_threads=0 tvp=NULL
daemon: select: listen=12 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 15r
daemon: read activity on 15
connection_get(15)
connection_get(15): got connid=1
connection_read(15): checking for input on id=1
tls_read: want=5, got=0
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
connection_read(15): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=15 for close
connection_close: conn=1 sd=15
daemon: removing 15
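
Added example, not part of the original post: a Python decoder for the first client message in the log above, which is an SSLv2-format CLIENT-HELLO (header 80 4c, message type 01) offering version 3.1. The function names and result keys are illustrative; the hex lines are copied from the log, and the ASCII column is ignored.

```python
import re

# Hex-dump lines of the two client tls_read blocks, copied from the log above.
LOG = """\
0000: 80 4c 01 03 01 00 33 00 00 00 10 .L....3....
0000: 00 00 04 00 00 05 00 00 0a 01 00 80 07 00 c0 03 ................
0010: 00 80 00 00 09 06 00 40 00 00 64 00 00 62 00 00 .......@..d..b..
0020: 03 00 00 06 02 00 80 04 00 80 00 00 13 00 00 12 ................
0030: 00 00 63 c9 d6 b6 b6 25 b6 d7 d9 20 a4 06 a1 ba ..c....%... ....
0040: c6 a6 4c ..L
"""

def dump_bytes(log):
    """Collect the hex column of slapd dump lines; the ASCII column is skipped."""
    out = bytearray()
    for line in log.splitlines():
        m = re.match(r"\s*[0-9a-f]{4}:((?: [0-9a-f]{2}){1,16})", line)
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def parse_v2_client_hello(buf):
    """Decode an SSLv2-format CLIENT-HELLO (2-byte header with the high bit set)."""
    if len(buf) < 11 or not buf[0] & 0x80 or buf[2] != 1:
        raise ValueError("not an SSLv2-format CLIENT-HELLO")
    rec_len = ((buf[0] & 0x7F) << 8) | buf[1]
    spec_len, sid_len, chal_len = (
        int.from_bytes(buf[i:i + 2], "big") for i in (5, 7, 9))
    # Nine fixed bytes follow the header: type, version, three length fields.
    if (spec_len % 3 or 9 + spec_len + sid_len + chal_len != rec_len
            or len(buf) != rec_len + 2):
        raise ValueError("length fields inconsistent")
    specs = [buf[i:i + 3] for i in range(11, 11 + spec_len, 3)]
    return {
        "record_length": rec_len,
        "max_version": (buf[3], buf[4]),          # (3, 1) is TLS 1.0
        # A non-zero first byte marks an SSLv2-only cipher kind;
        # a zero first byte wraps a 2-byte SSLv3/TLS cipher suite id.
        "v2_kinds": [s.hex() for s in specs if s[0] != 0],
        "v3_suites": [s[1:].hex() for s in specs if s[0] == 0],
        "session_id_len": sid_len,
        "challenge": buf[11 + spec_len + sid_len:],
    }

if __name__ == "__main__":
    for key, value in parse_v2_client_hello(dump_bytes(LOG)).items():
        print(key, value)
```

The decoded hello shows the client offering six SSLv2-only cipher kinds alongside eleven SSLv3/TLS suites, with TLS 1.0 as its highest version.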