Sorry, this is the SERVER error. It's not the SSLv3 issue.
Can't tell if the server is seeing problems or not?

ldap_pvt_gethostbyname_a: host=fido, r=0
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ber_scanf fmt (m) ber:
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_read(13): unable to get TLS client DN error=49 id=0
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 13 failed errno=0 (Success)
connection_read(13): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=13 for close
connection_close: conn=0 sd=13
TLS trace: SSL3 alert write:warning:close notify
slap_sig_shutdown: signal 2
slap_sig_shutdown: signal 2
daemon: shutdown requested and initiated.
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
====> bdb_cache_release_all
slapd shutdown: freeing system resources.
====> bdb_cache_release_all
slapd stopped.
[EMAIL PROTECTED] openldap]#

> -----Original Message-----
> From: Ron Wahler
> Sent: Tuesday, July 01, 2003 10:59 AM
> To: [EMAIL PROTECTED]; Lawrence, Mike (White Plains);
> [EMAIL PROTECTED]
> Subject: just SSL
>
> I still get an error when I set the SSLv3 as an option.
>
> Client: can't connect on 636
>
> Slapd.conf
>
> ssl yes
> port 636
> TLSCipherSuite HIGH:MEDIUM:+SSLv3
> TLSCertificateFile /opt/LocalCA/server_crt.pem
> TLSCertificateKeyFile /opt/LocalCA/server_key.pem
> TLSCACertificateFile /opt/LocalCA/cacert.pem
> TLSVerifyClient never
>
> SERVER:
> put_simple_filter: "objectclass=*"
> ber_scanf fmt (m) ber:
> connection_get(13): got connid=0
> connection_read(13): checking for input on id=0
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> TLS trace: SSL_accept:SSLv3 flush data
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> connection_get(13): got connid=0
> connection_read(13): checking for input on id=0
> TLS trace: SSL_accept:SSLv3 read client key exchange A
> TLS trace: SSL_accept:SSLv3 read finished A
> TLS trace: SSL_accept:SSLv3 write change cipher spec A
> TLS trace: SSL_accept:SSLv3 write finished A
> TLS trace: SSL_accept:SSLv3 flush data
> connection_read(13): unable to get TLS client DN error=49 id=0
> connection_get(13): got connid=0
> connection_read(13): checking for input on id=0
> ber_get_next
> TLS trace: SSL3 alert read:warning:close notify
> ber_get_next on fd 13 failed errno=0 (Success)
> connection_read(13): input error=-2 id=0, closing.
> connection_closing: readying conn=0 sd=13 for close
> connection_close: conn=0 sd=13
> TLS trace: SSL3 alert write:warning:close notify
> slap_sig_shutdown: signal 2
> slap_sig_shutdown: signal 2
> daemon: shutdown requested and initiated.
> slapd shutdown: waiting for 0 threads to terminate
> slapd shutdown: initiated
> ====> bdb_cache_release_all
> slapd shutdown: freeing system resources.
> ====> bdb_cache_release_all
> slapd stopped.
>
> > -----Original Message-----
> > From: Ron Wahler
> > Sent: Tuesday, July 01, 2003 10:30 AM
> > To: Lawrence, Mike (White Plains); [EMAIL PROTECTED];
> > [EMAIL PROTECTED]
> > Subject: RE: TLS / SSL
> >
> > Getting this but the client can't connect at port 636
> >
> > CLIENT
> > m_ldap: setting TLS mode to 1
> > rlm_ldap: bind as cn=Manager,dc=fido,dc=com/secret to 10.0.0.94:636
> > rlm_ldap: cn=Manager,dc=fido,dc=com bind to 10.0.0.94:636 failed: Can't contact LDAP server
> > rlm_ldap: (re)connection attempt failed
> >
> > SERVER:
> >
> > ldap_pvt_gethostbyname_a: host=fido, r=0
> > put_filter: "(objectclass=*)"
> > put_filter: simple
> > put_simple_filter: "objectclass=*"
> > ber_scanf fmt (m) ber:
> > connection_get(13): got connid=0
> > connection_read(13): checking for input on id=0
> > TLS trace: SSL_accept:before/accept initialization
> > TLS trace: SSL_accept:SSLv3 read client hello A
> > TLS trace: SSL_accept:SSLv3 write server hello A
> > TLS trace: SSL_accept:SSLv3 write certificate A
> > TLS trace: SSL_accept:SSLv3 write server done A
> > TLS trace: SSL_accept:SSLv3 flush data
> > TLS trace: SSL_accept:error in SSLv3 read client certificate A
> > TLS trace: SSL_accept:error in SSLv3 read client certificate A
> > connection_get(13): got connid=0
> > connection_read(13): checking for input on id=0
> > TLS trace: SSL_accept:SSLv3 read client key exchange A
> > TLS trace: SSL_accept:SSLv3 read finished A
> > TLS trace: SSL_accept:SSLv3 write change cipher spec A
> > TLS trace: SSL_accept:SSLv3 write finished A
> > TLS trace: SSL_accept:SSLv3 flush data
> > connection_read(13): unable to get TLS client DN error=49 id=0
> > connection_get(13): got connid=0
> > connection_read(13): checking for input on id=0
> > ber_get_next
> > TLS trace: SSL3 alert read:warning:close notify
> > ber_get_next on fd 13 failed errno=0 (Success)
> > connection_read(13): input error=-2 id=0, closing.
> > connection_closing: readying conn=0 sd=13 for close
> > connection_close: conn=0 sd=13
> > TLS trace: SSL3 alert write:warning:close notify
> >
> > > -----Original Message-----
> > > From: Lawrence, Mike (White Plains)
> > > [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, July 01, 2003 9:01 AM
> > > To: Ron Wahler
> > > Subject: RE: TLS / SSL
> > >
> > > Hi Ron - I see that error as well and what it means is that
> > > the server was unable to get a client certificate. It doesn't
> > > need one to do ssl/tls, but it will still give the error if
> > > it doesn't have one, so it's basically a noise error and not
> > > a big deal unless you do have a client cert and are trying to
> > > use it.
> > >
> > > -----Original Message-----
> > > From: Ron Wahler [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, June 30, 2003 4:01 PM
> > > To: [EMAIL PROTECTED] org
> > > Subject: TLS / SSL
> > >
> > > I am getting the following error when trying to connect
> > > from FreeRadius to OpenLDAP on SSL port 636. Is there
> > > something here I can look at in the configuration files?
> > >
> > > Ron.
> > >
> > > connection_get(13): got connid=0
> > > connection_read(13): checking for input on id=0
> > > TLS trace: SSL_accept:SSLv3 read client key exchange A
> > > TLS trace: SSL_accept:SSLv3 read finished A
> > > TLS trace: SSL_accept:SSLv3 write change cipher spec A
> > > TLS trace: SSL_accept:SSLv3 write finished A
> > > TLS trace: SSL_accept:SSLv3 flush data
> > > connection_read(13): unable to get TLS client DN error=49 id=0
> > > connection_get(13): got connid=0
> > > connection_read(13): checking for input on id=0
> > > ber_get_next
> > > TLS trace: SSL3 alert read:warning:close notify
> > > ber_get_next on fd 13 failed errno=0 (Success)
> > > connection_read(13): input error=-2 id=0, closing.
> > > connection_closing: readying conn=0 sd=13 for close
> > > connection_close: conn=0 sd=13
> > > TLS trace: SSL3 alert write:warning:close notify
> > >
> > > This electronic message transmission contains information from the Company
> > > that may be proprietary, confidential and/or privileged.
> > > The information is intended only for the use of the individual(s) or
> > > entity named above. If you are not the intended recipient, be
> > > aware that any disclosure, copying or distribution or use of the contents
> > > of this information is prohibited. If you have received
> > > this electronic transmission in error, please notify the sender
> > > immediately by replying to the address listed in the "From:" field.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
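The triage discussed in this thread, as an added example that is not part of the original messages: a small Python parser that reads slapd TLS trace lines like the ones quoted above (mail quote markers are stripped) and reports whether the handshake finished, whether the client DN was missing, and which side sent the first alert. The function names, the `client_cert_expected` parameter and the trimmed sample trace are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
ALERT = re.compile(r"TLS trace: SSL3 alert (read|write):(\w+):(.+)")

# Constructed sample: the server trace quoted in the thread, trimmed to the lines that matter.
SAMPLE_TRACE = """\
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write finished A
connection_read(13): unable to get TLS client DN error=49 id=0
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 13 failed errno=0 (Success)
TLS trace: SSL3 alert write:warning:close notify
"""

@dataclass
class TlsSummary:
    handshake_done: bool = False       # server wrote Finished after reading the client's
    accept_notices: int = 0            # count of "SSL_accept:error in ..." lines
    client_dn_missing: bool = False    # "unable to get TLS client DN" was logged
    first_alert: str = ""              # "read" = alert received by slapd, "write" = sent by it
    request_read_failed: bool = False  # ber_get_next failed before a request was read

def summarize(trace: str) -> TlsSummary:
    s, client_finished = TlsSummary(), False
    for line in (l.lstrip("> ").strip() for l in trace.splitlines()):
        if line.startswith("TLS trace: SSL_accept:error in"):
            s.accept_notices += 1
        elif line.endswith("SSLv3 read finished A"):
            client_finished = True
        elif line.endswith("SSLv3 write finished A") and client_finished:
            s.handshake_done = True
        elif "unable to get TLS client DN" in line:
            s.client_dn_missing = True
        elif line.startswith("ber_get_next on fd") and "failed" in line:
            s.request_read_failed = True
        elif (m := ALERT.match(line)) and not s.first_alert:
            s.first_alert = m.group(1)
    return s

def verdict(s: TlsSummary, client_cert_expected: bool = False) -> str:
    if not s.handshake_done:
        return "handshake did not complete on the server"
    if s.client_dn_missing and client_cert_expected:
        return "handshake completed; client certificate expected but none received"
    if s.first_alert == "read" and s.request_read_failed:
        return "handshake completed; peer closed first without sending an LDAP request"
    return "handshake completed"
```

With `TLSVerifyClient never`, as in the quoted slapd.conf, the missing client DN does not change the verdict; pass `client_cert_expected=True` only when the client is meant to present a certificate.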
