[Bug 71884] Re: fails to install

2009-11-03 Thread elvis
 * Stopping MySQL database server mysqld
 [ OK ] 
 * Reloading AppArmor profiles ...  
 [ OK ] 
 * Starting MySQL database server mysqld
 [fail] 
invoke-rc.d: initscript mysql, action start failed.
dpkg: error al procesar mysql-server-5.0 (--configure):
 el subproceso post-installation script devolvió el código de salida de error 1
Configurando libhtml-template-perl (2.9-1) ...
dpkg: problemas de dependencias impiden la configuración de mysql-server:
 mysql-server depende de mysql-server-5.0; sin embargo:
 El paquete `mysql-server-5.0' no está configurado todavía.
dpkg: error al procesar mysql-server (--configure):
 problemas de dependencias - se deja sin configurar
No se ha escrito ningún informe de Apport porque el mensaje de error indica que 
es un error proveniente de un fallo anterior.
 Se encontraron errores al procesar:
 mysql-server-5.0
 mysql-server
E: Sub-process /usr/bin/dpkg returned an error code (1)

-- 
fails to install
https://bugs.launchpad.net/bugs/71884
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-dfsg-5.0 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 217159] Re: slapd + gnutls fails

2009-03-17 Thread elvis
Unfortunately I've decommissioned the machine.  However I do know that I
didn't manually specify any TLSCipherSuite directives in the slapd.conf.

The hardy slapd.conf man (5) file still references the TLSCipherSuite
format accepted by OpenSSL (e.g.: TLSCipherSuite HIGH:MEDIUM:+SSLv2),
which caused slapd to fail on start as GnuTLS doesn't support this
format.  As such I removed the directive (allowing all ciphers supported
by GnuTLS) which would allow slapd to start.

Similarly my ldap.conf didn't specify any cipher suite, and the
gnutls-cli testing above didn't either.

If I get time I will attempt to rebuild and retest from where I left
off.

-- 
slapd + gnutls fails 
https://bugs.launchpad.net/bugs/217159
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.



[Bug 217159] Re: slapd + gnutls fails

2009-02-26 Thread elvis
As above:

client: ldapsearch -x -H ldaps://localhost:636 -D *** -w ***

server:
 slap_listener(ldaps:///)
connection_get(13): got connid=1
connection_read(13): checking for input on id=1
connection_read(13): TLS accept failure error=-1 id=1, closing
connection_closing: readying conn=1 sd=13 for close
connection_close: conn=1 sd=13

That was running slapd with -d3.  Do you require more detail than
that?



[Bug 217159] Re: slapd + gnutls fails

2009-02-26 Thread elvis
Oh, and the gnutls-cli stuff:

I opened the listening server with:
gnutls-serv --x509cafile my_ca.cer --x509keyfile myclient.pem --x509certfile myclient.cer

It returns:
Set static Diffie Hellman parameters, consider --dhparams.
Processed 1 CA certificate(s).
Echo Server ready. Listening to port '5556'.

I connected to the gnutls-serv with:
gnutls-cli --x509cafile my_ca.cer --x509keyfile myclient.pem --x509certfile myclient.cer -p 5556 servername.mydomain.tld

Similarly, I connected to Apache with
gnutls-cli --x509cafile my_ca.cer --x509keyfile myclient.pem --x509certfile myclient.cer -p 443 servername.mydomain.tld

And slapd with:
gnutls-cli --x509cafile my_ca.cer --x509keyfile myclient.pem --x509certfile myclient.cer -p 636 servername.mydomain.tld

Ports are listening and verified with netstat -plutn.  Tests were run
on both localhost, and from another machine with copies of the certs.
No firewalls are in place, and iptables is set to ACCEPT on all
policies with no other rules in place.

As above, I get successful returns from Apache-SSL and gnutls-serv.  I
get a failure from slapd.

If you need more detail or other tests, please let me know and I'll run
them.



[Bug 217159] Re: slapd + gnutls fails

2009-02-26 Thread elvis
This is run with:
/usr/sbin/slapd -h ldaps:/// -g openldap -u openldap -f /etc/ldap/slapd.conf -d15

Connecting from either ldapsearch -x -H ldaps://... or gnutls-cli,
slapd returns:

 slap_listener(ldaps:///)
daemon: listen=8, new connection on 13
daemon: added 13r (active) listener=(nil)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 13r
daemon: read active on 13
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
connection_get(13)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
tls_read: want=5, got=5
  :  16 03 02 00 4d M 
tls_read: want=77, got=77
  :  01 00 00 49 03 02 49 a7  3e 1c 36 94 5c 6e cb ce   ...I..I..6.\n..  
  0010:  5a ee 9c 8e af cd aa dd  a2 9a 53 48 db 0a bd 00   Z.SH  
  0020:  32 9e f4 e2 1a c9 00 00  18 00 39 00 33 00 16 00   2.9.3...  
  0030:  38 00 32 00 13 00 66 00  35 00 2f 00 0a 00 05 00   8.2...f.5./.  
  0040:  04 02 01 00 00 07 00 09  00 03 02 00 01. 
TLS: can't accept: Could not negotiate a supported cipher suite..
connection_read(13): TLS accept failure error=-1 id=0, closing
connection_closing: readying conn=0 sd=13 for close
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
connection_close: conn=0 sd=13
daemon: removing 13

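Added example, not part of the original message and not OpenLDAP or GnuTLS code: a small Python parser for the ClientHello captured in the tls_read dump above. It lists what the client offered, so the "Could not negotiate a supported cipher suite" error can be compared against what the server is able to use. The function names are made up for this example.

```python
import struct

# ClientHello transcribed from the tls_read dump above: 5-byte record header + 77-byte body.
RECORD = bytes.fromhex(
    "160302004d"
    "01000049030249a73e1c36945c6ecbce"
    "5aee9c8eafcdaadda29a5348db0abd00"
    "329ef4e21ac900001800390033001600"
    "380032001300660035002f000a000500"
    "04020100000700090003020001"
)

# Names (TLS_ prefix dropped) for the code points in this dump; 0x0066 is a draft value.
SUITES = {
    0x0039: "DHE_RSA_WITH_AES_256_CBC_SHA", 0x0033: "DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0016: "DHE_RSA_WITH_3DES_EDE_CBC_SHA", 0x0038: "DHE_DSS_WITH_AES_256_CBC_SHA",
    0x0032: "DHE_DSS_WITH_AES_128_CBC_SHA", 0x0013: "DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0x0066: "DHE_DSS_WITH_RC4_128_SHA", 0x0035: "RSA_WITH_AES_256_CBC_SHA",
    0x002F: "RSA_WITH_AES_128_CBC_SHA", 0x000A: "RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "RSA_WITH_RC4_128_SHA", 0x0004: "RSA_WITH_RC4_128_MD5",
}

def parse_client_hello(record):
    """Return version, offered cipher suites and compression methods."""
    body = record[5:]
    if len(record) < 9 or record[0] != 0x16 or body[0] != 0x01:
        raise ValueError("not a TLS record carrying a ClientHello")
    rec_len, hs_len = struct.unpack("!H", record[3:5])[0], int.from_bytes(body[1:4], "big")
    if rec_len != len(body) or hs_len != len(body) - 4:
        raise ValueError("length fields do not match the data")
    try:
        version = struct.unpack_from("!H", body, 4)[0]
        pos = 4 + 2 + 32                  # handshake header, version, random
        pos += 1 + body[pos]              # session id
        cs_len = struct.unpack_from("!H", body, pos)[0]
        suites = [struct.unpack_from("!H", body, pos + 2 + i)[0]
                  for i in range(0, cs_len, 2)]
        pos += 2 + cs_len
        compression = list(body[pos + 1:pos + 1 + body[pos]])
    except (IndexError, struct.error):
        raise ValueError("ClientHello fields run past the end of the record")
    return {"version": version, "suites": suites, "compression": compression}

def key_exchanges(hello):
    """Key-exchange families offered, in the client's preference order."""
    names = (SUITES.get(code, "unknown") for code in hello["suites"])
    return list(dict.fromkeys(n.split("_WITH_")[0] for n in names))
```

For this dump the client speaks TLS 1.1 and offers twelve suites across DHE_RSA, DHE_DSS and plain RSA key exchange.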


[Bug 217159] Re: slapd + gnutls fails

2009-02-25 Thread elvis
I am also having problems with Hardy slapd 2.4.9-0ubuntu0.8.04.2 and
TLS.

It seems OpenLDAP on Hardy is now compiled against GnuTLS, and not
OpenSSL as it was in old versions.

I've created x509 certificates and signed them against our company CA.
These work perfectly for Apache on Hardy (adding the CA cert to my
browser shows connection to Apache as working and verified).

Experiments with gnutls-cli show the following:

1) Connecting to Apache on port 443 shows TLS success, connected via TLS 1.0:
Processed 1 CA certificate(s).
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Resolving '***'...
Connecting to '10.1.2.100:443'...
- Certificate type: X.509
 - Got a certificate list of 2 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches '***'.
 # valid since: Fri Feb  6 14:36:14 EST 2009
 # expires at: Sun Feb  6 14:36:14 EST 2011
 # fingerprint: 7E:C2:AF:1B:75:7A:CB:0F:17:A6:10:8C:8B:1C:52:2B
 # Subject's DN: ***
 # Issuer's DN: ***

 - Certificate[1] info:
 # valid since: Tue Dec  5 13:42:33 EST 2006
 # expires at: Mon Dec  5 13:49:02 EST 2011
 # fingerprint: D5:63:08:F0:9C:E2:BB:47:35:EF:06:15:EF:54:DA:D8
 # Subject's DN: ***
 # Issuer's DN: ***


- Peer's certificate is trusted
- Version: TLS 1.0
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed


2) Connection to gnutls-serv on port 5556 shows TLS success, connected via TLS 1.1:
Processed 1 CA certificate(s).
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Resolving '***'...
Connecting to '10.1.2.100:5556'...
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches '***'.
 # valid since: Fri Feb  6 14:36:14 EST 2009
 # expires at: Sun Feb  6 14:36:14 EST 2011
 # fingerprint: 7E:C2:AF:1B:75:7A:CB:0F:17:A6:10:8C:8B:1C:52:2B
 # Subject's DN: ***
 # Issuer's DN: ***


- Peer's certificate is trusted
- Version: TLS 1.1
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed

- Simple Client Mode:


3) Connection to slapd on ldaps:// port 636 shows:
Processed 1 CA certificate(s).
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Resolving '***'...
Connecting to '10.1.2.100:636'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.


Using ldapsearch on plain-text ldap:/// port 389 works fine.  ldapsearch on 
ldaps:/// returns errors.  Running slapd in debug mode shows various errors, 
including similar TLS packet of unexpected length errors:

client:  ldapsearch -x -H ldaps://localhost:636 -D ***  -w ***

server:
 slap_listener(ldaps:///)
connection_get(13): got connid=1
connection_read(13): checking for input on id=1
connection_read(13): TLS accept failure error=-1 id=1, closing
connection_closing: readying conn=1 sd=13 for close
connection_close: conn=1 sd=13
