On Mon, Oct 13, 2008 at 12:16:55PM +0200, John Gee wrote:
I will try it later today with a new-ca, but I think the problems must be at ldapclient (SUNWlldap) or inside certutil.
I recreated the complete CA and Server-Certs. Recreated nss-db on client site, and it works now. I don't know why, but it works ;)
TLS/SSL

    connection_get(11): got connid=13
    connection_read(11): checking for input on id=13
    TLS trace: SSL_accept:before/accept initialization
    TLS trace: SSL_accept:SSLv3 read client hello A
    TLS trace: SSL_accept:SSLv3 write server hello A
    TLS trace: SSL_accept:SSLv3 write certificate A
    TLS trace: SSL_accept:SSLv3 write server done A
    TLS trace: SSL_accept:SSLv3 flush data
    TLS trace: SSL_accept:error in SSLv3 read client certificate A
    TLS trace: SSL_accept:error in SSLv3 read client certificate A
    connection_get(11): got connid=13
    connection_read(11): checking for input on id=13
    TLS trace: SSL_accept:SSLv3 read client key exchange A
    TLS trace: SSL_accept:SSLv3 read finished A
    TLS trace: SSL_accept:SSLv3 write change cipher spec A
    TLS trace: SSL_accept:SSLv3 write finished A
    TLS trace: SSL_accept:SSLv3 flush data
    connection_read(11): unable to get TLS client DN, error=49 id=13
    connection_get(11): got connid=13
    connection_read(11): checking for input on id=13
And here is the part that didn't work before:

    ber_get_next
    ber_get_next: tag 0x30 len 61 contents:
    ber_get_next
    conn=13 op=0 do_bind
    ber_scanf fmt ({imt) ber:
    ber_scanf fmt (m}) ber:
    >>> dnPrettyNormal: <cn=proxyAgent,ou=profile,o=kleinfeld,c=ch>
Thanks for your help, Dieter

Regards,
John