Richard A Nelson <[EMAIL PROTECTED]> writes:

> breaks slapd (ldap caching), ldapsearch, mutt, and anything else
> linked against the gnutls library.
>
> While investigating why my slapd ldap caching wasn't working - and
> remote ldap authentication started failing, I found this in the
> ldapsearch debug output:
> TLS: can't connect: A TLS packet with unexpected length was received..
>
> To isolate the problem source, I installed gnutls-bin and compared
> gnutls-cli and openssl s_client output:
>
> $ gnutls-cli -p 636 bluepages.ibm.com
> Resolving 'bluepages.ibm.com'...
> Connecting to '9.17.186.253:636'...
> *** Fatal error: A TLS packet with unexpected length was received.
> *** Handshake has failed
> GNUTLS ERROR: A TLS packet with unexpected length was received
>
> $ openssl s_client -connect bluepages.ibm.com:636
> CONNECTED(00000003)
> depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
> Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ...
>
> $ gnutls-cli -p 443 w3.ibm.com
> Resolving 'w3.ibm.com'...
> Connecting to '9.17.137.11:443'...
> *** Fatal error: A TLS packet with unexpected length was received.
> *** Handshake has failed
> GNUTLS ERROR: A TLS packet with unexpected length was received.
>
> $ openssl s_client -connect w3.ibm.com:443
> CONNECTED(00000003)
> depth=1 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ...

I can't seem to be able to connect to these sites at all -- they don't exist in the global DNS, and the IP addresses aren't routable. Can you reproduce this using some public servers as well?

/Simon

[EMAIL PROTECTED]:~$ gnutls-cli -p 636 bluepages.ibm.com
Resolving 'bluepages.ibm.com'...
Cannot resolve bluepages.ibm.com:636: Name or service not known
[EMAIL PROTECTED]:~$ gnutls-cli -p 636 9.17.186.253
Resolving '9.17.186.253'...
Connecting to '9.17.186.253:636'...
Cannot connect to 9.17.186.253:636: Network is unreachable
[EMAIL PROTECTED]:~$ gnutls-cli -p 443 w3.ibm.com
Resolving 'w3.ibm.com'...
Cannot resolve w3.ibm.com:443: Name or service not known
[EMAIL PROTECTED]:~$ gnutls-cli -p 443 9.17.137.11
Resolving '9.17.137.11'...
Connecting to '9.17.137.11:443'...

