openldap-technical-bounces+tomasz.welman=pl.ibm.com@openldap.org wrote on 11/11/2009 01:51:53 AM: > Mathias Gug <mathiaz@ubuntu.com>
> Sent by: openldap-technical-bounces+tomasz.welman=pl.ibm.com@openldap.org >
> 11/11/2009 01:51 AM
> > To
> > openldap-technical@openldap.org
> > cc
> > Subject
> > Re: Problem with ldaps:// when switching from 2.3 to 2.4
> > Hi, > > 2009/11/10 Tomasz Welman <tomasz.welman@pl.ibm.com>: > > > > I have a third machine with the same configuration but with an exception > > that it is > > upgraded to Ubuntu Karmic (sorry, earlier I said the 2nd was karmic but it's > > jaunty), so LDAP versions are: > > > > The problem is exactly the same as on the second machine: > > > > root@darthvader:/etc/ldap# ldapsearch -d5 -x -H ldaps://myldapserver.com > > ldap_url_parse_ext(ldaps://myldapserver.com) > > ldap_create > > ldap_url_parse_ext(ldaps://myldapserver.com:636/??base) > > ldap_sasl_bind > > ldap_send_initial_request > > ldap_new_connection 1 1 0 > > ldap_int_open_connection > > ldap_connect_to_host: TCP myldapserver.com:636 > > ldap_new_socket: 3 > > ldap_prepare_socket: 3 > > ldap_connect_to_host: Trying 9.17.186.253:636 > > ldap_pvt_connect: fd: 3 tm: -1 async: 0 > > ldap_err2string > > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) > > > > > > > > Any suggestions? > > > > Could you provide the debugging information outlined on the > DebuggingOpenldap wiki page: > >https://wiki.ubuntu.com/DebuggingOpenldap>
Here is the debug info requested:

[root@darthvader ~]# cat /etc/ldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

TLS_CACERT /etc/ldap/cacerts/bp.cert

[root@darthvader ~]# cat /etc/ldap/cacerts/bp.cert
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgIQQqowfydfbhGjnIrdG/yoqTANBgkqhkiG9w0BAQUFADCB
sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMh
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBMB4XDTA4MDMxOTAwMDAw
MFoXDTExMDUyMzIzNTk1OVowgeIxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhDb2xv
cmFkbzEQMA4GA1UEBxQHQm91bGRlcjEoMCYGA1UEChQfSW50ZXJuYXRpb25hbCBC
dXNpbmVzcyBNYWNoaW5lczEzMDEGA1UECxQqVGVybXMgb2YgdXNlIGF0IHd3dy52
ZXJpc2lnbi5jb20vcnBhIChjKTA1MTMwMQYDVQQLFCpUZXJtcyBvZiB1c2UgYXQg
d3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpMDUxGjAYBgNVBAMUEWJsdWVwYWdlcy5p
Ym0uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSUyh7l1px1jcmNeqf
48bV4DQUKhk1h0uBOn24+HdD5YS0TuYrOVtY7L/oX6jT+2Klaogyq8JdYaREnKJo
NVAHyPoAYUrnCHwguZdK0KRo9EjbP55qGoYw0gtd0zD9f/G03237x+Kz6sVAvnmN
zWeHZ8OT4EfLKDa1pGW/F7QHTQIDAQABo4IB0zCCAc8wCQYDVR0TBAIwADALBgNV
HQ8EBAMCBaAwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL1NWUlNlY3VyZS1jcmwu
dmVyaXNpZ24uY29tL1NWUlNlY3VyZTIwMDUuY3JsMEQGA1UdIAQ9MDswOQYLYIZI
AYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
L3JwYTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAU
b+yvoN2KpO/1KhBnLT9VgrzX7yUweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzAB
hhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9T
VlJTZWN1cmUtYWlhLnZlcmlzaWduLmNvbS9TVlJTZWN1cmUyMDA1LWFpYS5jZXIw
bgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMC
GgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28udmVyaXNpZ24u
Y29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBXSkgfiiwhOkhj1jZn
NYM+ic3E3niRM7xFuz4nz2vX5L7ThVFlYFlWoOynNyfuVXqMxqrf6f8Y2uVMY5Cj
PohjrjVocgDsN8epFaplIH/HSXj21q385wAajfYBsxzTQqHytUZ0Apva7rpGAG9l
TUYyqA7vxmr/xLTIPzWNk680hwXihFFw8f4vcIvS1riu1AwESUiRQN2BJkTAaRKt
n2qjBWirioah4j8kJWvsH/p1P7OAg63rM9hEWi3t9aQBZ2JKKKwmdTI98J2wG/nC
PkwhK2dIdkBjr+6ICd0Hp8MME0oTpXq8CuiAbEQRcvQ6aUttnDYOnE8dluRPccgf
5BFI
-----END CERTIFICATE-----

[root@darthvader ~]# ldapsearch -d 7 -H ldaps://bluepages.ibm.com
ldap_url_parse_ext(ldaps://bluepages.ibm.com)
ldap_create
ldap_url_parse_ext(ldaps://bluepages.ibm.com:636/??base)
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_build_search_req ATTRS: supportedSASLMechanisms
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP bluepages.ibm.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 9.17.186.253:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
tls_write: want=81, written=81
0000: 16 03 02 00 4c 01 00 00 48 03 02 4a fb c2 e8 15 ....L...H..J....
0010: 11 1e 35 52 93 0d eb c2 8e 77 62 d5 64 01 a3 72 ..5R.....wb.d..r
0020: 19 b6 5a e7 45 df 9e 7a c0 55 e8 00 00 18 00 33 ..Z.E..z.U.....3
0030: 00 39 00 16 00 32 00 38 00 13 00 66 00 2f 00 35 .9...2.8...f./.5
0040: 00 0a 00 05 00 04 01 00 00 07 00 09 00 03 02 00 ................
0050: 01 .
tls_read: want=5, got=5
0000: 16 03 01 0c b1 .....
tls_read: want=3249, got=3249
0000: 02 00 00 46 03 01 00 00 00 00 c8 53 6f e7 6e 95 ...F.......So.n.
0010: 35 cd b0 d7 30 6f b6 8d cf da 99 3e a4 71 2e b0 5...0o.....>.q..
0020: bb 31 79 ab 5f ba 20 00 01 60 68 ec d5 22 92 30 .1y._. ..`h..".0
0030: c5 bb c9 a4 4c f7 0a db 68 1b 47 58 58 58 58 00 ....L...h.GXXXX.
0040: 00 00 00 00 00 00 00 00 2f 00 0b 00 0c 5f 00 0c ......../...._..
0050: 5c 00 05 73 30 82 05 6f 30 82 04 57 a0 03 02 01 \..s0..o0..W....
0060: 02 02 10 42 aa 30 7f 27 5f 6e 11 a3 9c 8a dd 1b ...B.0.'_n......
0070: fc a8 a9 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 ...0...*.H......
0080: 05 00 30 81 b0 31 0b 30 09 06 03 55 04 06 13 02 ..0..1.0...U....
0090: 55 53 31 17 30 15 06 03 55 04 0a 13 0e 56 65 72 US1.0...U....Ver
00a0: 69 53 69 67 6e 2c 20 49 6e 63 2e 31 1f 30 1d 06 iSign, Inc.1.0..
00b0: 03 55 04 0b 13 16 56 65 72 69 53 69 67 6e 20 54 .U....VeriSign T
00c0: 72 75 73 74 20 4e 65 74 77 6f 72 6b 31 3b 30 39 rust Network1;09
00d0: 06 03 55 04 0b 13 32 54 65 72 6d 73 20 6f 66 20 ..U...2Terms of
00e0: 75 73 65 20 61 74 20 68 74 74 70 73 3a 2f 2f 77 use at https://w
00f0: 77 77 2e 76 65 72 69 73 69 67 6e 2e 63 6f 6d 2f ww.verisign.com/
0100: 72 70 61 20 28 63 29 30 35 31 2a 30 28 06 03 55 rpa (c)051*0(..U
0110: 04 03 13 21 56 65 72 69 53 69 67 6e 20 43 6c 61 ...!VeriSign Cla
0120: 73 73 20 33 20 53 65 63 75 72 65 20 53 65 72 76 ss 3 Secure Serv
0130: 65 72 20 43 41 30 1e 17 0d 30 38 30 33 31 39 30 er CA0...0803190
0140: 30 30 30 30 30 5a 17 0d 31 31 30 35 32 33 32 33 00000Z..11052323
0150: 35 39 35 39 5a 30 81 e2 31 0b 30 09 06 03 55 04 5959Z0..1.0...U.
0160: 06 13 02 55 53 31 11 30 0f 06 03 55 04 08 13 08 ...US1.0...U....
0170: 43 6f 6c 6f 72 61 64 6f 31 10 30 0e 06 03 55 04 Colorado1.0...U.
0180: 07 14 07 42 6f 75 6c 64 65 72 31 28 30 26 06 03 ...Boulder1(0&..
0190: 55 04 0a 14 1f 49 6e 74 65 72 6e 61 74 69 6f 6e U....Internation
01a0: 61 6c 20 42 75 73 69 6e 65 73 73 20 4d 61 63 68 al Business Mach
01b0: 69 6e 65 73 31 33 30 31 06 03 55 04 0b 14 2a 54 ines1301..U...*T
01c0: 65 72 6d 73 20 6f 66 20 75 73 65 20 61 74 20 77 erms of use at w
01d0: 77 77 2e 76 65 72 69 73 69 67 6e 2e 63 6f 6d 2f ww.verisign.com/
01e0: 72 70 61 20 28 63 29 30 35 31 33 30 31 06 03 55 rpa (c)051301..U
01f0: 04 0b 14 2a 54 65 72 6d 73 20 6f 66 20 75 73 65 ...*Terms of use
0200: 20 61 74 20 77 77 77 2e 76 65 72 69 73 69 67 6e at www.verisign
0210: 2e 63 6f 6d 2f 72 70 61 20 28 63 29 30 35 31 1a .com/rpa (c)051.
0220: 30 18 06 03 55 04 03 14 11 62 6c 75 65 70 61 67 0...U....bluepag
0230: 65 73 2e 69 62 6d 2e 63 6f 6d 30 81 9f 30 0d 06 es.ibm.com0..0..
0240: 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 .*.H............
0250: 30 81 89 02 81 81 00 d2 53 28 7b 97 5a 71 d6 37 0.......S({.Zq.7
0260: 26 35 ea 9f e3 c6 d5 e0 34 14 2a 19 35 87 4b 81 &5......4.*.5.K.
0270: 3a 7d b8 f8 77 43 e5 84 b4 4e e6 2b 39 5b 58 ec :}..wC...N.+9[X.
0280: bf e8 5f a8 d3 fb 62 a5 6a 88 32 ab c2 5d 61 a4 .._...b.j.2..]a.
0290: 44 9c a2 68 35 50 07 c8 fa 00 61 4a e7 08 7c 20 D..h5P....aJ..|
02a0: b9 97 4a d0 a4 68 f4 48 db 3f 9e 6a 1a 86 30 d2 ..J..h.H.?.j..0.
02b0: 0b 5d d3 30 fd 7f f1 b4 df 6d fb c7 e2 b3 ea c5 .].0.....m......
02c0: 40 be 79 8d cd 67 87 67 c3 93 e0 47 cb 28 36 b5 @.y..g.g...G.(6.
02d0: a4 65 bf 17 b4 07 4d 02 03 01 00 01 a3 82 01 d3 .e....M.........
02e0: 30 82 01 cf 30 09 06 03 55 1d 13 04 02 30 00 30 0...0...U....0.0
02f0: 0b 06 03 55 1d 0f 04 04 03 02 05 a0 30 44 06 03 ...U........0D..
0300: 55 1d 1f 04 3d 30 3b 30 39 a0 37 a0 35 86 33 68 U...=0;09.7.5.3h
0310: 74 74 70 3a 2f 2f 53 56 52 53 65 63 75 72 65 2d ttp://SVRSecure-
0320: 63 72 6c 2e 76 65 72 69 73 69 67 6e 2e 63 6f 6d crl.verisign.com
0330: 2f 53 56 52 53 65 63 75 72 65 32 30 30 35 2e 63 /SVRSecure2005.c
0340: 72 6c 30 44 06 03 55 1d 20 04 3d 30 3b 30 39 06 rl0D..U. .=0;09.
0350: 0b 60 86 48 01 86 f8 45 01 07 17 03 30 2a 30 28 .`.H...E....0*0(
0360: 06 08 2b 06 01 05 05 07 02 01 16 1c 68 74 74 70 ..+.........http
0370: 73 3a 2f 2f 77 77 77 2e 76 65 72 69 73 69 67 6e s://www.verisign
0380: 2e 63 6f 6d 2f 72 70 61 30 1d 06 03 55 1d 25 04 .com/rpa0...U.%.
0390: 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b .0...+.........+
03a0: 06 01 05 05 07 03 02 30 1f 06 03 55 1d 23 04 18 .......0...U.#..
03b0: 30 16 80 14 6f ec af a0 dd 8a a4 ef f5 2a 10 67 0...o........*.g
03c0: 2d 3f 55 82 bc d7 ef 25 30 79 06 08 2b 06 01 05 -?U....%0y..+...
03d0: 05 07 01 01 04 6d 30 6b 30 24 06 08 2b 06 01 05 .....m0k0$..+...
03e0: 05 07 30 01 86 18 68 74 74 70 3a 2f 2f 6f 63 73 ..0...http://ocs
03f0: 70 2e 76 65 72 69 73 69 67 6e 2e 63 6f 6d 30 43 p.verisign.com0C
0400: 06 08 2b 06 01 05 05 07 30 02 86 37 68 74 74 70 ..+.....0..7http
0410: 3a 2f 2f 53 56 52 53 65 63 75 72 65 2d 61 69 61 ://SVRSecure-aia
0420: 2e 76 65 72 69 73 69 67 6e 2e 63 6f 6d 2f 53 56 .verisign.com/SV
0430: 52 53 65 63 75 72 65 32 30 30 35 2d 61 69 61 2e RSecure2005-aia.
0440: 63 65 72 30 6e 06 08 2b 06 01 05 05 07 01 0c 04 cer0n..+........
0450: 62 30 60 a1 5e a0 5c 30 5a 30 58 30 56 16 09 69 b0`.^.\0Z0X0V..i
0460: 6d 61 67 65 2f 67 69 66 30 21 30 1f 30 07 06 05 mage/gif0!0.0...
0470: 2b 0e 03 02 1a 04 14 4b 6b b9 28 96 06 0c bb d0 +......Kk.(.....
0480: 52 38 9b 29 ac 4b 07 8b 21 05 18 30 26 16 24 68 R8.).K..!..0&.$h
0490: 74 74 70 3a 2f 2f 6c 6f 67 6f 2e 76 65 72 69 73 ttp://logo.veris
04a0: 69 67 6e 2e 63 6f 6d 2f 76 73 6c 6f 67 6f 31 2e ign.com/vslogo1.
04b0: 67 69 66 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 gif0...*.H......
04c0: 05 00 03 82 01 01 00 57 4a 48 1f 8a 2c 21 3a 48 .......WJH..,!:H
04d0: 63 d6 36 67 35 83 3e 89 cd c4 de 78 91 33 bc 45 c.6g5.>....x.3.E
04e0: bb 3e 27 cf 6b d7 e4 be d3 85 51 65 60 59 56 a0 .>'.k.....Qe`YV.
04f0: ec a7 37 27 ee 55 7a 8c c6 aa df e9 ff 18 da e5 ..7'.Uz.........
0500: 4c 63 90 a3 3e 88 63 ae 35 68 72 00 ec 37 c7 a9 Lc..>.c.5hr..7..
0510: 15 aa 65 20 7f c7 49 78 f6 d6 ad fc e7 00 1a 8d ..e ..Ix........
0520: f6 01 b3 1c d3 42 a1 f2 b5 46 74 02 9b da ee ba .....B...Ft.....
0530: 46 00 6f 65 4d 46 32 a8 0e ef c6 6a ff c4 b4 c8 F.oeMF2....j....
0540: 3f 35 8d 93 af 34 87 05 e2 84 51 70 f1 fe 2f 70 ?5...4....Qp../p
0550: 8b d2 d6 b8 ae d4 0c 04 49 48 91 40 dd 81 26 44 ........IH.@..&D
0560: c0 69 12 ad 9f 6a a3 05 68 ab 8a 86 a1 e2 3f 24 .i...j..h.....?$
0570: 25 6b ec 1f fa 75 3f b3 80 83 ad eb 33 d8 44 5a %k...u?.....3.DZ
0580: 2d ed f5 a4 01 67 62 4a 28 ac 26 75 32 3d f0 9d -....gbJ(.&u2=..
0590: b0 1b f9 c2 3e 4c 21 2b 67 48 76 40 63 af ee 88 ....>L!+gHv@c...
05a0: 09 dd 07 a7 c3 0c 13 4a 13 a5 7a bc 0a e8 80 6c .......J..z....l
05b0: 44 11 72 f4 3a 69 4b 6d 9c 36 0e 9c 4f 1d 96 e4 D.r.:iKm.6..O...
05c0: 4f 71 c8 1f e4 11 48 00 04 a0 30 82 04 9c 30 82 Oq....H...0...0.
05d0: 04 05 a0 03 02 01 02 02 10 75 33 7d 9a b0 e1 23 .........u3}...#
05e0: 3b ae 2d 7d e4 46 91 62 d4 30 0d 06 09 2a 86 48 ;.-}.F.b.0...*.H
05f0: 86 f7 0d 01 01 05 05 00 30 5f 31 0b 30 09 06 03 ........0_1.0...
0600: 55 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0a U....US1.0...U..
0610: 13 0e 56 65 72 69 53 69 67 6e 2c 20 49 6e 63 2e ..VeriSign, Inc.
0620: 31 37 30 35 06 03 55 04 0b 13 2e 43 6c 61 73 73 1705..U....Class
0630: 20 33 20 50 75 62 6c 69 63 20 50 72 69 6d 61 72 3 Public Primar
0640: 79 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 y Certification
0650: 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 30 35 30 Authority0...050
0660: 31 31 39 30 30 30 30 30 30 5a 17 0d 31 35 30 31 119000000Z..1501
0670: 31 38 32 33 35 39 35 39 5a 30 81 b0 31 0b 30 09 18235959Z0..1.0.
0680: 06 03 55 04 06 13 02 55 53 31 17 30 15 06 03 55 ..U....US1.0...U
0690: 04 0a 13 0e 56 65 72 69 53 69 67 6e 2c 20 49 6e ....VeriSign, In
06a0: 63 2e 31 1f 30 1d 06 03 55 04 0b 13 16 56 65 72 c.1.0...U....Ver
06b0: 69 53 69 67 6e 20 54 72 75 73 74 20 4e 65 74 77 iSign Trust Netw
06c0: 6f 72 6b 31 3b 30 39 06 03 55 04 0b 13 32 54 65 ork1;09..U...2Te
06d0: 72 6d 73 20 6f 66 20 75 73 65 20 61 74 20 68 74 rms of use at ht
06e0: 74 70 73 3a 2f 2f 77 77 77 2e 76 65 72 69 73 69 tps://www.verisi
06f0: 67 6e 2e 63 6f 6d 2f 72 70 61 20 28 63 29 30 35 gn.com/rpa (c)05
0700: 31 2a 30 28 06 03 55 04 03 13 21 56 65 72 69 53 1*0(..U...!VeriS
0710: 69 67 6e 20 43 6c 61 73 73 20 33 20 53 65 63 75 ign Class 3 Secu
0720: 72 65 20 53 65 72 76 65 72 20 43 41 30 82 01 22 re Server CA0.."
0730: 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 0...*.H.........
0740: 82 01 0f 00 30 82 01 0a 02 82 01 01 00 95 c3 21 ....0..........!
0750: 12 8e 40 c5 0d 01 5f 76 5e 66 94 d9 73 2c 58 19 ..@..._v^f..s,X.
0760: 22 b8 c9 fc 7a 39 90 2a 77 72 7c 1d 3e f7 d8 55 "...z9.*wr|.>..U
0770: e3 af 42 cb 87 30 02 dc 5b ac 70 e6 b8 44 b4 2b ..B..0..[.p..D.+
0780: 35 eb 93 d2 17 05 7e cb 46 d6 5c 53 a0 32 51 9d 5.....~.F.\S.2Q.
0790: 74 64 58 f9 0c 9a 00 ea 5e 44 49 64 72 f4 cd 10 tdX.....^DIdr...
07a0: e2 85 0a f9 34 ee b3 88 66 a9 a5 a4 5a d0 0e 98 ....4...f...Z...
07b0: 7f 58 0d 2b 52 bb 86 a9 7e 2e fa b2 48 7c 8d db .X.+R...~...H|..
07c0: 2d 5f 01 75 a2 8d 06 3b 8b b4 61 07 c9 be 22 99 -_.u...;..a...".
07d0: f8 1b d1 b5 57 66 04 4d 35 f4 91 71 96 b5 99 08 ....Wf.M5..q....
07e0: 25 9b 97 c8 3a f3 20 b1 dd 9e 98 0c 4a 63 b7 a6 %...:. .....Jc..
07f0: ce b0 01 ce f8 93 6a f3 0c 6e 9f b1 e9 84 7b 81 ......j..n....{.
0800: 98 41 e6 81 dc 3d 2c e7 b4 6b e3 9e fc 08 16 d7 .A...=,..k......
0810: b3 d5 b9 66 12 99 7c 6d 71 c8 4d be c7 0f e3 fb ...f..|mq.M.....
0820: 37 ad d5 75 87 21 6b 86 d0 44 14 5a 54 79 39 96 7..u.!k..D.ZTy9.
0830: 69 56 c9 b9 31 cd 89 61 58 e1 d9 76 05 05 ad f7 iV..1..aX..v....
0840: b9 02 af a7 fd 47 91 a2 22 34 5a 31 d1 02 03 01 .....G.."4Z1....
0850: 00 01 a3 82 01 81 30 82 01 7d 30 12 06 03 55 1d ......0..}0...U.
0860: 13 01 01 ff 04 08 30 06 01 01 ff 02 01 00 30 44 ......0.......0D
0870: 06 03 55 1d 20 04 3d 30 3b 30 39 06 0b 60 86 48 ..U. .=0;09..`.H
0880: 01 86 f8 45 01 07 17 03 30 2a 30 28 06 08 2b 06 ...E....0*0(..+.
0890: 01 05 05 07 02 01 16 1c 68 74 74 70 73 3a 2f 2f ........https://
08a0: 77 77 77 2e 76 65 72 69 73 69 67 6e 2e 63 6f 6d www.verisign.com
08b0: 2f 72 70 61 30 31 06 03 55 1d 1f 04 2a 30 28 30 /rpa01..U...*0(0
08c0: 26 a0 24 a0 22 86 20 68 74 74 70 3a 2f 2f 63 72 &.$.". http://cr
08d0: 6c 2e 76 65 72 69 73 69 67 6e 2e 63 6f 6d 2f 70 l.verisign.com/p
08e0: 63 61 33 2e 63 72 6c 30 0e 06 03 55 1d 0f 01 01 ca3.crl0...U....
08f0: ff 04 04 03 02 01 06 30 11 06 09 60 86 48 01 86 .......0...`.H..
0900: f8 42 01 01 04 04 03 02 01 06 30 29 06 03 55 1d .B........0)..U.
0910: 11 04 22 30 20 a4 1e 30 1c 31 1a 30 18 06 03 55 .."0 ..0.1.0...U
0920: 04 03 13 11 43 6c 61 73 73 33 43 41 32 30 34 38 ....Class3CA2048
0930: 2d 31 2d 34 35 30 1d 06 03 55 1d 0e 04 16 04 14 -1-450...U......
0940: 6f ec af a0 dd 8a a4 ef f5 2a 10 67 2d 3f 55 82 o........*.g-?U.
0950: bc d7 ef 25 30 81 80 06 03 55 1d 23 04 79 30 77 ...%0....U.#.y0w
0960: a1 63 a4 61 30 5f 31 0b 30 09 06 03 55 04 06 13 .c.a0_1.0...U...
0970: 02 55 53 31 17 30 15 06 03 55 04 0a 13 0e 56 65 .US1.0...U....Ve
0980: 72 69 53 69 67 6e 2c 20 49 6e 63 2e 31 37 30 35 riSign, Inc.1705
0990: 06 03 55 04 0b 13 2e 43 6c 61 73 73 20 33 20 50 ..U....Class 3 P
09a0: 75 62 6c 69 63 20 50 72 69 6d 61 72 79 20 43 65 ublic Primary Ce
09b0: 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 rtification Auth
09c0: 6f 72 69 74 79 82 10 70 ba e4 1d 10 d9 29 34 b6 ority..p.....)4.
09d0: 38 ca 7b 03 cc ba bf 30 0d 06 09 2a 86 48 86 f7 8.{....0...*.H..
09e0: 0d 01 01 05 05 00 03 81 81 00 c3 7e 08 46 5d 91 ...........~.F].
09f0: 36 cf 67 dc d7 a7 af af b8 22 c3 8b 04 74 d3 b1 6.g......"...t..
0a00: 60 bc e6 fe b7 44 12 81 5b 31 73 14 63 56 c6 72 `....D..[1s.cV.r
0a10: 2e d1 1a 03 43 5c 38 0a 50 4a 4d cd da b6 19 a8 ....C\8.PJM.....
0a20: f4 99 0d af e3 f7 d8 f1 75 28 65 f6 6a fe 9b f4 ........u(e.j...
0a30: bd 52 d9 3f cb da 16 cb a5 9e 2e 8e 66 52 78 3d .R.?........fRx=
0a40: 26 fa fe 94 36 88 4a 95 5e 2a 4c 19 ef 6e fa 82 &...6.J.^*L..n..
0a50: 3f 2d 03 ef d6 28 b3 37 18 cf 42 b2 34 21 64 47 ?-...(.7..B.4!dG
0a60: d3 20 6b 3a 4c dc e6 03 90 0c 00 02 40 30 82 02 . k:L.......@0..
0a70: 3c 30 82 01 a5 02 10 70 ba e4 1d 10 d9 29 34 b6 <0.....p.....)4.
0a80: 38 ca 7b 03 cc ba bf 30 0d 06 09 2a 86 48 86 f7 8.{....0...*.H..
0a90: 0d 01 01 02 05 00 30 5f 31 0b 30 09 06 03 55 04 ......0_1.0...U.
0aa0: 06 13 02 55 53 31 17 30 15 06 03 55 04 0a 13 0e ...US1.0...U....
0ab0: 56 65 72 69 53 69 67 6e 2c 20 49 6e 63 2e 31 37 VeriSign, Inc.17
0ac0: 30 35 06 03 55 04 0b 13 2e 43 6c 61 73 73 20 33 05..U....Class 3
0ad0: 20 50 75 62 6c 69 63 20 50 72 69 6d 61 72 79 20 Public Primary
0ae0: 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 Certification Au
0af0: 74 68 6f 72 69 74 79 30 1e 17 0d 39 36 30 31 32 thority0...96012
0b00: 39 30 30 30 30 30 30 5a 17 0d 32 38 30 38 30 31 9000000Z..280801
0b10: 32 33 35 39 35 39 5a 30 5f 31 0b 30 09 06 03 55 235959Z0_1.0...U
0b20: 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0a 13 ....US1.0...U...
0b30: 0e 56 65 72 69 53 69 67 6e 2c 20 49 6e 63 2e 31 .VeriSign, Inc.1
0b40: 37 30 35 06 03 55 04 0b 13 2e 43 6c 61 73 73 20 705..U....Class
0b50: 33 20 50 75 62 6c 69 63 20 50 72 69 6d 61 72 79 3 Public Primary
0b60: 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 Certification A
0b70: 75 74 68 6f 72 69 74 79 30 81 9f 30 0d 06 09 2a uthority0..0...*
0b80: 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 .H............0.
0b90: 89 02 81 81 00 c9 5c 59 9e f2 1b 8a 01 14 b4 10 ......\Y........
0ba0: df 04 40 db e3 57 af 6a 45 40 8f 84 0c 0b d1 33 ..@..W.jE@.....3
0bb0: d9 d9 11 cf ee 02 58 1f 25 f7 2a a8 44 05 aa ec ......X.%.*.D...
0bc0: 03 1f 78 7f 9e 93 b9 9a 00 aa 23 7d d6 ac 85 a2 ..x.......#}....
0bd0: 63 45 c7 72 27 cc f4 4c c6 75 71 d2 39 ef 4f 42 cE.r'..L.uq.9.OB
0be0: f0 75 df 0a 90 c6 8e 20 6f 98 0f f8 ac 23 5f 70 .u..... o....#_p
0bf0: 29 36 a4 c9 86 e7 b1 9a 20 cb 53 a5 85 e7 3d be )6...... .S...=.
0c00: 7d 9a fe 24 45 33 dc 76 15 ed 0f a2 71 64 4c 65 }..$E3.v....qdLe
0c10: 2e 81 68 45 a7 02 03 01 00 01 30 0d 06 09 2a 86 ..hE......0...*.
0c20: 48 86 f7 0d 01 01 02 05 00 03 81 81 00 bb 4c 12 H.............L.
0c30: 2b cf 2c 26 00 4f 14 13 dd a6 fb fc 0a 11 84 8c +.,&.O..........
0c40: f3 28 1c 67 92 2f 7c b6 c5 fa df f0 e8 95 bc 1d .(.g./|.........
0c50: 8f 6c 2c a8 51 cc 73 d8 a4 c0 53 f0 4e d6 26 c0 .l,.Q.s...S.N.&.
0c60: 76 01 57 81 92 5e 21 f1 d1 b1 ff e7 d0 21 58 cd v.W..^!......!X.
0c70: 69 17 e3 44 1c 9c 19 44 39 89 5c dc 9c 00 0f 56 i..D...D9.\....V
0c80: 8d 02 99 ed a2 90 45 4c e4 bb 10 a4 3d f0 32 03 ......EL....=.2.
0c90: 0e f1 ce f8 e8 c9 51 8c e6 62 9f e6 9f c0 7d b7 ......Q..b....}.
0ca0: 72 9c c9 36 3a 6b 9f 4e a8 ff 64 0d 64 0e 00 00 r..6:k.N..d.d...
0cb0: 00 .
tls_write: want=139, written=139
0000: 16 03 01 00 86 10 00 00 82 00 80 9a ef 3e bc a0 .............>..
0010: 09 eb 5e 2e 78 83 00 fd e1 cb 48 a1 b9 af 4f af ..^.x.....H...O.
0020: 44 82 be fc 07 e0 21 9a 98 93 9d 0b a1 26 b4 d1 D.....!......&..
0030: c8 64 f1 e4 7a 5f 3d d0 45 05 60 e1 5b 16 57 81 .d..z_=.E.`.[.W.
0040: 12 d7 d4 27 4c 10 d9 f6 37 b8 31 73 15 a5 b5 10 ...'L...7.1s....
0050: d5 58 09 73 20 54 f7 47 0f 24 a1 d3 d7 c7 71 58 .X.s T.G.$....qX
0060: 28 53 29 0b 70 d2 07 cd 7b 31 7e 21 ca e0 27 c9 (S).p...{1~!..'.
0070: 39 37 a9 0b a4 ba 22 25 3e a3 77 c5 df 27 3e 48 97...."%>.w..'>H
0080: 27 4d 82 0c 1f d7 f6 76 47 cf 62 'M.....vG.b
tls_write: want=6, written=6
0000: 14 03 01 00 01 01 ......
tls_write: want=69, written=69
0000: 16 03 01 00 40 09 f5 48 2b f7 47 56 dd 21 0f a8 ....@..H+.GV.!..
0010: 1c d0 02 da f2 89 ff eb 12 38 46 39 18 56 42 68 .........8F9.VBh
0020: c1 25 cc 56 64 a1 f5 88 53 11 a1 05 6e 21 12 7a .%.Vd...S...n!.z
0030: c6 b3 b4 85 b9 df fa 74 93 0a cb 4a 0f 00 43 af .......t...J..C.
0040: 0a 41 00 a7 40 .A..@
tls_read: want=5, got=5
0000: 14 03 01 00 01 .....
tls_read: want=1, got=1
0000: 01 .
tls_read: want=5, got=5
0000: 15 03 01 00 20 ....
tls_read: want=32, got=32
0000: a5 3c 60 d3 49 b3 0a 47 a5 65 9b 45 bd ba 44 84 .<`.I..G.e.E..D.
0010: 50 88 b4 4b 23 f1 13 be 93 f4 8e 42 0a 97 b5 b7 P..K#......B....
TLS: can't connect: Decryption has failed..
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

The gnutls-cli I've launched 3 times and the error messages differ, look:

[root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p 636 bluepages.ibm.com
Processed 1 CA certificate(s).
Resolving 'bluepages.ibm.com'...
Connecting to '9.17.186.253:636'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
[root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p 636 bluepages.ibm.com
Processed 1 CA certificate(s).
Resolving 'bluepages.ibm.com'...
Connecting to '9.17.186.253:636'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
[root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p 636 bluepages.ibm.com
Processed 1 CA certificate(s).
Resolving 'bluepages.ibm.com'...
Connecting to '9.17.186.253:636'...
*** Fatal error: Decryption has failed.
*** Handshake has failed
GNUTLS ERROR: Decryption has failed.

[root@darthvader ~]# dpkg-query -W -f='${Package} ${Version} ${Source} ${Status}\n' | egrep 'slapd|ldap|gnutls'
gnutls-bin 2.8.3-2 gnutls26 install ok installed
ldap-auth-config 0.5.2 ldap-auth-client deinstall ok config-files
ldap-utils 2.4.18-0ubuntu1 openldap install ok installed
libaprutil1-ldap 1.3.9+dfsg-1ubuntu1 apr-util install ok installed
libcurl3-gnutls 7.19.5-1ubuntu2 curl install ok installed
libgnutls26 2.8.3-2 gnutls26 install ok installed
libldap-2.4-2 2.4.18-0ubuntu1 openldap install ok installed
libneon27-gnutls 0.28.6-1 neon27 install ok installed

Let me know if you need more information.

--
Tomasz 'Trog' Welman
Software Developer
external: 48-12-628-9449
ITN: 34819449
T/L: 9449

IBM SWG Lab, Krakow, Poland
IBM Polska Sp. z o.o. oddzia� w Krakowie
ul. Armii Krajowej 18 30 -150 Krak�w
NIP: 526-030-07-24, KRS 0000012941
Kapita� zak�adowy: 33.000.000 PLN