Openldap Tls Error 5938
Issues using startTLS with Openldap 2.4.23
Post by dchrist » 2011/12/02 23:37:06

Hello, I am running the latest version of openldap server 2.4.23. When I try to connect to my ldap server using startTLS I get errors. I am able to connect without using tls. Here is the output from ldapsearch.

ldapsearch -LL -d1 -v -x -W -D 'cn=Manager,dc=localdomain,dc=com' -H ldap://localhost -ZZ '(cn=*)'
ldap_url_parse_ext(ldap://localhost)
ldap_initialize( ldap://localhost:389/??base )
ldap_create
ldap_url_parse_ext(ldap://localhost:389/??base)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 3
ldap_result ld 0x24a1320 msgid 1
wait4msg ld 0x24a1320 msgid 1 (infinite timeout)
wait4msg continue ld 0x24a1320 msgid 1 all 1
ld 0x24a1320 Connections:
host: localhost port: 389 (default)
refcnt: 2 status: Connected
last used: Fri Dec 2 23:03:53 2011
ld 0x24a1320 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x24a1320 request count 1 (abandoned 0)
ld 0x24a1320 Response Queue:
Empty
ld 0x24a1320 response count 0
ldap_chkResponseList ld 0x24a1320 msgid 1 all 1
ldap_chkResponseList returns ld 0x24a1320 NULL
ldap_int_select
read1msg: ld 0x24a1320 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x24a1320 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x24a1320 0 new referrals
read1msg: mark request completed, ld 0x24a1320 msgid 1
request done: ld 0x24a1320 msgid 1
res_errno: 0, res_error: , res_matched:
ldap_free_request (origid 1, msgi

tls: Error: Connect - Force Handshake Failure: Errno 0 - Moznss Error -5938

Feb 2012 13:34:28 -0700
Thread-topic: SSL handshake failure

Hi,

I can't get slapd to respond successfully to TLS or SSL connections using an RSA 2048-bit PEM certificate:

$ ldapsearch -x -ZZ -d1 -H ldap://FQDNhostname
TLS: loaded CA certificate file /etc/openldap/cacerts/FQDNhostname.cacert.pem.
TLS: error: tlsm_PR_Recv returned 0 - error 21:Is a directory
TLS: error: connect - force handshake failure: errno 21 - moznss error -5938
TLS: can't connect: TLS error -5938:Encountered end of file.
ldap_err2string
ldap_start_tls: Connect error (-11)
additional info: TLS error -5938:Encountered end of file

$ openssl s_client -connect FQDNhostname:636 -CAfile /etc/openldap/cacerts/FQDNhostname.cacert.pem
CONNECTED(00000003)
140457427965768:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 113 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

The following packages are installed on CentOS 6.2:

openldap-servers-2.4.23-20.el6.x86_64
openldap-2.4.23-20.el6.x86_64
openldap-clients-2.4.23-20.el6.x86_64
openssl-1.0.0-20.el6_2.1.x86_64
openssl-devel-1.0.0-20.el6_2.1.x86_64
gnutls-2.8.5-4.el6.x86_64
gnutls-devel-2.8.5-4.el6.x86_64
nss-pam-ldapd-0.7.5-14.el6_2.1.x86_64

The /etc/openldap/ldap.conf file contains:

TLS_CACERT /etc/openldap/cacerts/FQDNhostname.cacert.pem

, which contains a chain of three certificates (root CA, intermediate/functional, and issuing).

The /etc/openldap/slapd.conf file contains:

TLSCipherSuite HIGH:+SSLv3
TLSCertificateFile /etc/openldap/FQDNhostname.cert.pem
TLSCertificateKeyFile /etc/openldap/FQDNhostname.key.pem

The server is acting

http://www.centos.org/forums/viewtopic.php?t=5175
http://www.openldap.org/lists/openldap-technical/201202/msg00359.html
http://www.openldap.org/lists/openldap-technical/201202/msg00365.html