Hello Seth,
openssl s_client -connect... gets an error before a ciphersuite is indicated:


#openssl s_client -connect ldapserver:389 -tls1_2
CONNECTED(00000003)
140032666195616:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1453829896
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---


Meanwhile on the slapd -d -1 debugging side the error is "Result too large" for 
function ber_get_next():

56a7af08 daemon: waked
56a7af08 daemon: select: listen=6 active_threads=0 tvp=NULL
56a7af08 daemon: select: listen=7 active_threads=0 tvp=NULL
56a7af08 daemon: activity on 1 descriptor
56a7af08 daemon: activity on:56a7af08  11r56a7af08 
56a7af08 daemon: read activity on 11
56a7af08 daemon: select: listen=6 active_threads=0 tvp=NULL
56a7af08 connection_get(11)
56a7af08 daemon: select: listen=7 active_threads=0 tvp=NULL
56a7af08 connection_get(11): got connid=1000
56a7af08 connection_read(11): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
  0000:  16 03 01 01 22 01 00 01                            ...."...          
56a7af08 ber_get_next on fd 11 failed errno=34 (Result too large)
56a7af08 connection_read(11): input error=-2 id=1000, closing.
56a7af08 connection_closing: readying conn=1000 sd=11 for close
56a7af08 daemon: activity on 1 descriptor
56a7af08 connection_close: conn=1000 sd=11
56a7af08 daemon: waked
56a7af08 daemon: select: listen=6 active_threads=0 tvp=NULL
56a7af08 daemon: select: listen=7 active_threads=0 tvp=NULL
56a7af08 daemon: removing 11
56a7af08 conn=1000 fd=11 closed (connection lost)


I tried several values for TLSCipherSuite in slapd.conf, but with no success yet. 
I will try some more.

Thanks for your help.

François
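
An added example, not part of the original message and not OpenLDAP or OpenSSL code: it decodes the 8 bytes that slapd logged just before ber_get_next failed. They form a TLS record header carrying a ClientHello, not the BER SEQUENCE octet 0x30 that starts every LDAPMessage. The function names and the second sample line are constructed for illustration.

```python
import re

# TLS record content types (RFC 5246) and the two handshake types relevant here.
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
TLS_HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}
BER_SEQUENCE = 0x30  # first octet of every LDAPMessage (RFC 4511)

# Matches a dump line such as "  0000:  16 03 01 ..." and captures the first
# run of single-space-separated hex octets (enough for the leading 8 bytes).
HEX_LINE = re.compile(r"^\s*[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2}(?:\s|$))+)")

def first_bytes_in_log(log_text):
    """Return the bytes of the first hex dump line found in slapd debug output."""
    for line in log_text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            return bytes.fromhex(m.group(1))
    return b""

def classify(first):
    """Decide which protocol the first bytes read on a connection belong to."""
    if len(first) >= 5 and first[0] in TLS_CONTENT_TYPES and first[1] == 3:
        info = {"protocol": "tls",
                "content_type": TLS_CONTENT_TYPES[first[0]],
                "record_version": (first[1], first[2]),
                "record_length": int.from_bytes(first[3:5], "big")}
        if first[0] == 22 and len(first) > 5:
            info["handshake_type"] = TLS_HANDSHAKE_TYPES.get(first[5], hex(first[5]))
        return info
    if first[:1] == bytes([BER_SEQUENCE]):
        return {"protocol": "ldap", "tag": "SEQUENCE"}
    return {"protocol": "unknown"}

# Lines copied from the slapd debug output above.
PAGE_LOG = """ber_get_next
ldap_read: want=8, got=8
  0000:  16 03 01 01 22 01 00 01                            ...."...
56a7af08 ber_get_next on fd 11 failed errno=34 (Result too large)
"""
# Constructed sample (not from the page): start of an LDAP StartTLS request.
CONSTRUCTED_LDAP_LOG = "  0000:  30 1d 02 01 01 77 18 80                            0....w..\n"

if __name__ == "__main__":
    for name, log in (("page", PAGE_LOG), ("constructed", CONSTRUCTED_LDAP_LOG)):
        print(name, classify(first_bytes_in_log(log)))
```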

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1534230

Title:
  LDAP TLS connection stopped working
