Hi all!
I have problems using OpenCA to upload certificates to an LDAP server (OpenLDAP) over the TLS port 636. First of all, I have no problems with the clear-text port 389. After changing the config to use port 636, I get the following (SSL) error from OpenCA (when trying to upload the CA cert.):

Adding valid CA-certificates to the LDAP server ...
Certificate 0 FAILED (error 81: LDAP-bind failed: Can't contact LDAP server)


The LDAP Server answers:

...
...
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
  0000:  30 1d 02 01 01 77 18 80  16 31 2e                  0....w...1.
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:585
connection_read(10): TLS accept error error=-1 id=5, closing
...
...

The problem seems to be in the version of the SSL/TLS protocol, which is not recognized correctly by the LDAP server in the OpenCA handshake request. I've spent a LOT of time looking through every LDAP configuration file in OpenCA, and the only variable I found about versions is in ldap.xml (and it is set to 3, as expected to work with TLSv1 = SSLv3). I'm not posting any configuration file because I don't really know which one to post; tell me if I missed some information or if you need something else...

thanx a lot in advance, diego


--
Diego Quintano
Secure Edge - your safety .net
Via Benedetto Croce, 19 - 00142 Roma
Tel. +39 06 54223164
fax +39 06 5430607
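The slapd trace above prints the first 11 bytes that arrived on the TLS port before the handshake failed. A quick way to tell whether a client is actually starting a TLS handshake on port 636, or is instead speaking plain LDAP (for example sending the StartTLS extended operation, which belongs on port 389), is to look at those leading bytes: a TLS handshake record starts with 0x16 0x03, an SSLv2-style hello has the high bit set in its first byte, and an LDAPMessage is a BER SEQUENCE starting with 0x30. The decoder below is an added diagnostic written for this page; it is not OpenCA or OpenLDAP code. It embeds the 11 bytes from the trace as a constructed sample and decodes them as far as they go (the capture is truncated: the message declares 29 bytes but only 11 were read). The protocolOp tag values used (0x60 BindRequest, 0x77 ExtendedRequest) are the standard LDAP BER application tags.

```python
# Added diagnostic for the post above; not part of OpenCA or OpenLDAP.
# Classifies the first bytes a server reads on a TLS port and, when they
# are plain LDAP, decodes the outer LDAPMessage envelope.

# The 11 bytes printed by slapd's tls_read in the post (constructed sample).
SAMPLE_FROM_POST = bytes.fromhex("301d02010177188016312e")

# LDAP protocolOp application tags (constructed form) from RFC 4511.
LDAP_OPS = {
    0x60: "BindRequest",
    0x77: "ExtendedRequest",
}


def classify(buf: bytes) -> str:
    """Guess what protocol the leading bytes of a connection belong to."""
    if len(buf) < 3:
        return "too short to classify"
    # TLS record: content type 0x16 (handshake), version major 0x03.
    if buf[0] == 0x16 and buf[1] == 0x03:
        return "TLS handshake record"
    # SSLv2 record: 2-byte length with the high bit set, then msg type 1.
    if buf[0] & 0x80 and buf[2] == 0x01:
        return "SSLv2-style ClientHello"
    # BER SEQUENCE: what every LDAPMessage starts with.
    if buf[0] == 0x30:
        return "plaintext LDAP (BER SEQUENCE)"
    return "unknown"


def _ber_len(buf: bytes, i: int):
    """Decode a BER length at offset i; return (length, next offset)."""
    first = buf[i]
    if first < 0x80:                      # short form
        return first, i + 1
    n = first & 0x7F                      # long form: n length bytes follow
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n


def describe_ldap(buf: bytes) -> dict:
    """Decode the LDAPMessage envelope: messageID and protocolOp tag.

    For an ExtendedRequest the requestName OID is also extracted as far as
    the captured bytes allow.  Truncation is reported, not guessed over.
    """
    if not buf or buf[0] != 0x30:
        raise ValueError("not a BER SEQUENCE, so not an LDAPMessage")
    declared, i = _ber_len(buf, 1)
    info = {
        "declared_len": declared,
        "captured": len(buf),
        "truncated": len(buf) < i + declared,
    }
    if buf[i] != 0x02:                    # messageID is an INTEGER
        raise ValueError("expected INTEGER messageID")
    n, i = _ber_len(buf, i + 1)
    info["message_id"] = int.from_bytes(buf[i:i + n], "big")
    i += n
    tag = buf[i]
    info["op_tag"] = tag
    info["op"] = LDAP_OPS.get(tag, "other")
    if tag == 0x77:
        _, i = _ber_len(buf, i + 1)       # skip the ExtendedRequest length
        if i < len(buf) and buf[i] == 0x80:   # [0] requestName
            n, i = _ber_len(buf, i + 1)
            info["request_name_len"] = n
            # Only the bytes actually captured are decoded.
            info["request_name_prefix"] = buf[i:i + n].decode("ascii", "replace")
    return info


if __name__ == "__main__":
    print(classify(SAMPLE_FROM_POST))
    print(describe_ldap(SAMPLE_FROM_POST))
```

Run against the bytes from the trace, the classifier reports plaintext LDAP rather than a TLS record, and the decoder shows message ID 1 carrying an ExtendedRequest whose 22-byte requestName starts with "1." (the rest was not captured). That matches the server's complaint: slapd's TLS accept never saw a ClientHello, so tuning the protocol version on either side would not change the outcome. On the defending side, the same check is a cheap way to separate "client sent no TLS at all" from genuine version or cipher mismatches when reading slapd's tls_read dumps.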


_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users