ldapsearch doesn't seem to have any issues.  I went from master to consumer, 
consumer to master, and consumer to consumer.  Returns data.  Here's the TLS 
lines from debugging:

TLS trace: SSL_connect:before SSL initialization
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS read server hello
TLS trace: SSL_connect:TLSv1.3 read encrypted extensions
TLS trace: SSL_connect:SSLv3/TLS read server certificate request
TLS certificate verification: depth: 3, err: 0, subject: /C=US/ST=New 
Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification 
Authority, issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST 
Network/CN=USERTrust RSA Certification Authority
TLS certificate verification: depth: 2, err: 0, subject: /C=GB/O=Sectigo 
Limited/CN=Sectigo Public Server Authentication Root R46, issuer: /C=US/ST=New 
Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification 
Authority
TLS certificate verification: depth: 1, err: 0, subject: /C=US/O=InCommon, 
LLC/CN=InCommon RSA OV SSL CA 3, issuer: /C=GB/O=Sectigo Limited/CN=Sectigo 
Public Server Authentication Root R46
TLS certificate verification: depth: 0, err: 0, subject: /C=US/ST=New 
Jersey/O=Rutgers, The State University of New 
Jersey/CN=idm-ldap-abusec101-prod-asb.ei.rutgers.edu, issuer: /C=US/O=InCommon, 
LLC/CN=InCommon RSA OV SSL CA 3
TLS trace: SSL_connect:SSLv3/TLS read server certificate
TLS trace: SSL_connect:TLSv1.3 read server certificate verify
TLS trace: SSL_connect:SSLv3/TLS read finished
TLS trace: SSL_connect:SSLv3/TLS write change cipher spec
TLS trace: SSL_connect:SSLv3/TLS write client certificate
TLS trace: SSL_connect:SSLv3/TLS write finished
TLS trace: SSL_connect:SSL negotiation finished successfully
TLS trace: SSL_connect:SSL negotiation finished successfully
TLS trace: SSL_connect:SSLv3/TLS read server session ticket
TLS trace: SSL_connect:SSL negotiation finished successfully
TLS trace: SSL_connect:SSL negotiation finished successfully
TLS trace: SSL_connect:SSLv3/TLS read server session ticket
TLS trace: SSL3 alert write:warning:close notify

Nothing odd in the rest of the output.  The only thing that is failing is 
replication.

Also, tls_reqcert settings are similar, either demand or try in both slapd.conf 
and ldap.conf.

-ds

Reply via email to