Hi All,

After much googling, I found one thread on the openldap mailing list from February to March 2007 about this issue, but no solution, and now it has happened to me again. So I'm writing to this mailing list to report this bug.

I'm running openldap 2.3.27 on CentOS 5.2 x86_64. I configured TLS on the server, and a client on localhost successfully connects to port 389 with start_tls. However, when I try to connect to this ldap server with start_tls from a Fedora 10 x86_64 client, it hangs.
As previously reported, if I launch slapd with -d2, the remote client can connect to the server with TLS. Using -d1 on both server and client, the server hangs at:
TLS trace: SSL_accept:error in SSLv3 write certificate request B
and client hangs at
TLS trace: SSL_accept:SSLv3 read certificate A

So I ran with -d2 on the client, and found:
tls_read: want=179, got=179
 ...
tls_read: want=5, got=5
 ...
tls_read: want=14771, got=9952
 ...
So the last lines show the client expecting 14771 bytes of data, but the server only sent 9952 bytes, so the client thinks the server will send more, but the server got an error?

If I run the same ldapsearch command from the server (localhost), that line reads as:
tls_read: want=14771, got=14771
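As an added example (not part of this mail or of OpenLDAP), a small script that scans tls_read trace lines of the form quoted above, flags every read where got is less than want, and compares the remote client's trace against the local one. The two traces embedded in it are constructed from the lines quoted in this mail, and the " ..." lines stand for elided output and are skipped.

```python
import re

# Matches the tls_read lines ldapsearch prints at -d2, e.g.
#   tls_read: want=14771, got=9952
TLS_READ_RE = re.compile(r"tls_read: want=(\d+), got=(\d+)")

# Constructed from the trace lines quoted in the mail (remote Fedora client).
REMOTE_CLIENT_TRACE = """\
tls_read: want=179, got=179
 ...
tls_read: want=5, got=5
 ...
tls_read: want=14771, got=9952
 ..."""

# Constructed from the mail: same ldapsearch run from the server itself.
LOCAL_CLIENT_TRACE = """\
tls_read: want=179, got=179
tls_read: want=5, got=5
tls_read: want=14771, got=14771"""


def parse_tls_reads(trace):
    """Return a list of (want, got) pairs in the order they were logged."""
    return [(int(w), int(g)) for w, g in TLS_READ_RE.findall(trace)]


def find_short_reads(trace):
    """Return (index, want, got, missing) for each read where got < want.

    got < want means the TLS layer is still waiting for the rest of a record;
    if the peer never sends it, the client blocks there, which is the hang.
    """
    return [(i, w, g, w - g)
            for i, (w, g) in enumerate(parse_tls_reads(trace)) if g < w]


def compare_traces(remote, local):
    """Report reads where the remote client fell short but the local one did not."""
    remote_reads = parse_tls_reads(remote)
    local_reads = parse_tls_reads(local)
    report = []
    for i, (rw, rg) in enumerate(remote_reads):
        lw, lg = local_reads[i] if i < len(local_reads) else (None, None)
        if rg < rw and lw == rw and lg == lw:
            report.append(f"read #{i}: remote got {rg}/{rw} bytes, local got all {lg}")
    return report


if __name__ == "__main__":
    print("\n".join(compare_traces(REMOTE_CLIENT_TRACE, LOCAL_CLIENT_TRACE)))
```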

Does this ring the bell?

Thanks

Noodle