Howard Chu wrote:
Denis Sacchet wrote:
Hello,
I have a strange behaviour regarding TLS encryption with an LDAP server. Everything works like a charm for a while, and without any sign, the server begins to not respond for TLS traffic. As the server is partially open on the internet, I force TLS, so it is very annoying for us.
A trace of ldapsearch when there is the problem:
Show the corresponding slapd debug output for the same situation.
Of course, I don't want to hijack the OP's thread but as our problems seem to be rather similar I can also provide the corresponding slapd log:
[...] slapd starting
slap_listener(ldap:///)
ldap_pvt_gethostbyname_a: host=uranos, r=0
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({m) ber:
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 11
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2471
connection_read(11): TLS accept failure error=-1 id=0, closing
[...]
Thanks, Fabian