[Pkg-openldap-devel] Bug#502547: Bug#502547: libldap-2.4-2: client libldap doesn't send TLS certificate

bugs at shiva.hostoffice.hu
Fri Oct 17 17:30:29 UTC 2008


Quanah Gibson-Mount wrote:
> --On Friday, October 17, 2008 6:21 PM +0200 Mayer Gabor 
> <bugs at shiva.hostoffice.hu> wrote:
>
>> Package: libldap-2.4-2
>> Version: 2.4.11-1
>> Severity: normal
>>
>> server slapd.conf:
>> TLSCACertificateFile /etc/ldap/server.crt
>> TLSCertificateFile /etc/ldap/server.crt
>> TLSCertificateKeyFile /etc/ldap/server.key
>> TLSVerifyClient true
>>
>> client ldap.conf:
>> BASE dc=example,dc=org
>> URI ldaps://ldap.example.org
>> TLS_CACERT /etc/ldap/server.crt
>> TLS_CERT /etc/ldap/server.crt
>> TLS_KEY /etc/ldap/server.key
>>
>> client log:
>> ldapsearch -d 255 -x
>> TLS: can't connect: A TLS fatal alert has been received..
>> ldap_err2string
>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>
>> server log:
>> TLS trace: SSL3 alert write:fatal:handshake failure
>> TLS trace: SSL_accept:error in SSLv3 read client certificate B
>> TLS: can't accept.
>> TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did 
>> not
>> return a certificate s3_srvr.c:2455
>
> So you attempted to connect to a server that it couldn't contact, and 
> that server didn't return a cert (since it can't be contacted).  What 
> exactly is the bug here?
>
> --Quanah
>
> -- 
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration
The client got the server's certificate fine, but the client doesn't 
send its own certificate to the server:

SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2455
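An added configuration check, not part of this bug report or of OpenLDAP itself, for the situation the report describes: slapd is set to `TLSVerifyClient true`, so it aborts the handshake when the client presents no certificate. The script parses the two config files from the report (embedded here verbatim) and reports whether the client side can actually satisfy the server's requirement. One caveat it encodes is documented in ldap.conf(5): `TLS_CERT` and `TLS_KEY` are "user-only" options, honoured in a user's `~/.ldaprc` (or the file named by `LDAPRC`) but ignored when placed in the system-wide `ldap.conf`, so the flag `client_conf_is_system_wide` is an assumed parameter telling the checker which file the client options came from. Function and constant names below are my own.

```python
"""Check an OpenLDAP client/server config pair for a working mutual-TLS setup.

Added example; the config texts are copied from the bug report above.
"""
from typing import Dict, List

# Configs exactly as posted in the report (constructed constants for this example).
SLAPD_CONF = """
TLSCACertificateFile /etc/ldap/server.crt
TLSCertificateFile /etc/ldap/server.crt
TLSCertificateKeyFile /etc/ldap/server.key
TLSVerifyClient true
"""

LDAP_CONF = """
BASE dc=example,dc=org
URI ldaps://ldap.example.org
TLS_CACERT /etc/ldap/server.crt
TLS_CERT /etc/ldap/server.crt
TLS_KEY /etc/ldap/server.key
"""

# ldap.conf(5) marks these as user-only: read from ~/.ldaprc, ignored in ldap.conf.
USER_ONLY_OPTIONS = ("TLS_CERT", "TLS_KEY")

# slapd.conf(5) TLSVerifyClient levels. demand/hard/true fail the handshake
# without a client cert; allow/try ask for one but tolerate its absence.
VERIFY_REQUIRES_CERT = {"DEMAND", "HARD", "TRUE"}
VERIFY_REQUESTS_CERT = VERIFY_REQUIRES_CERT | {"ALLOW", "TRY"}


def parse_conf(text: str) -> Dict[str, str]:
    """Parse 'keyword value' lines in OpenLDAP style.

    Keywords are case-insensitive, '#' starts a comment, and the value is the
    rest of the line; a repeated keyword keeps the last occurrence.
    """
    opts: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts[parts[0].upper()] = parts[1].strip()
    return opts


def check_mutual_tls(slapd_conf: str, client_conf: str,
                     client_conf_is_system_wide: bool) -> List[str]:
    """Return a list of findings; an empty list means the pair looks consistent."""
    server = parse_conf(slapd_conf)
    client = parse_conf(client_conf)
    findings: List[str] = []

    # The client must be able to verify the server before anything else matters.
    uri = client.get("URI", "")
    if uri.lower().startswith("ldaps://") and "TLS_CACERT" not in client \
            and client.get("TLS_REQCERT", "demand").lower() != "never":
        findings.append("client: ldaps URI without TLS_CACERT; server cert cannot be verified")

    verify = server.get("TLSVERIFYCLIENT", "never").upper()
    if verify not in VERIFY_REQUESTS_CERT:
        return findings  # server never asks for a client cert

    missing = [o for o in USER_ONLY_OPTIONS if o not in client]
    if missing:
        findings.append(f"client: {', '.join(missing)} not set, no client certificate will be sent")
    elif client_conf_is_system_wide:
        findings.append("client: TLS_CERT/TLS_KEY are user-only options and are ignored in the "
                        "system-wide ldap.conf; put them in ~/.ldaprc (or LDAPRC)")

    if verify in VERIFY_REQUIRES_CERT and findings:
        findings.append(f"server: TLSVerifyClient {verify.lower()} will abort the handshake "
                        "(peer did not return a certificate)")
    return findings


if __name__ == "__main__":
    for f in check_mutual_tls(SLAPD_CONF, LDAP_CONF, client_conf_is_system_wide=True):
        print("-", f)
```

Run as-is it evaluates the report's own files as system-wide `ldap.conf`; passing `client_conf_is_system_wide=False` models the same two options living in `~/.ldaprc`, which is the layout under which libldap does load them.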