On 10/11/2011 02:38 AM, Olivier Guillard wrote:
Thanks Rich, see below:
-12272 is SSL_ERROR_BAD_MAC_ALERT and -12273 is SSL_ERROR_BAD_MAC_READ. I've seen this when the client and server do not have the same SSL certificate signature algorithm support. Is everything running on RHEL6 and/or Fedora 14 and later?
[root@ldap2 ~]# cat /etc/issue
Red Hat Enterprise Linux Server release 6.1 (Santiago)
Kernel \r on an \m

[root@ldap2 ~]# rpm -qa | grep -i openldap
openldap-2.4.23-15.el6_1.3.x86_64
openldap-servers-2.4.23-15.el6_1.3.x86_64
openldap-debuginfo-2.4.23-15.el6_1.1.x86_64
openldap-clients-2.4.23-15.el6_1.3.x86_64

[root@ldap1 ~]# cat /etc/issue
Red Hat Enterprise Linux Server release 6.1 (Santiago)
Kernel \r on an \m

[root@ldap1 ~]# rpm -qa | grep -i openldap
openldap-debuginfo-2.4.23-15.el6_1.1.x86_64
openldap-clients-2.4.23-15.el6_1.3.x86_64
openldap-2.4.23-15.el6_1.3.x86_64
openldap-servers-2.4.23-15.el6_1.3.x86_64

[root@ldap2 cacerts]# rpm -qa | grep openssl
openssl-1.0.0-10.el6_1.4.x86_64

[root@ldap1 ldap1]# rpm -qa | grep openssl
openssl-1.0.0-10.el6_1.4.x86_64
Not sure if that made a difference, but I "yum-updated" last Friday and the openldap-servers version passed:
from openldap-servers-2.4.23-15.el6_1.1.x86_64
to openldap-servers-2.4.23-15.el6_1.3.x86_64
Was it working before you yum updated?
Olivier
On Mon, Oct 10, 2011 at 9:54 PM, Rich Megginson rich.megginson@gmail.com wrote:
here is what I get:

ldap1 # /usr/sbin/slapd -f slapd.conf -h ldap:/// -u ldap -d Sync
...
TLS: error: accept - force handshake failure: errno 11 - moznss error -12273
TLS: can't accept: TLS error -12273:Unknown code ___P 15.
TLS: error: connect - force handshake failure: errno 0 - moznss error -12272
TLS: can't connect: TLS error -12272:Unknown code ___P 16.
slap_client_connect: URI=ldap://ldap2.example.fr Warning, ldap_start_tls failed (-11)
slap_client_connect: URI=ldap://ldap2.example.fr ldap_sasl_interactive_bind_s failed (-6)
do_syncrepl: rid=121 rc -6 retrying

ldap2 # /usr/sbin/slapd -f slapd.conf -h ldap:/// -u ldap -d Sync
...
TLS: error: connect - force handshake failure: errno 0 - moznss error -12272
TLS: can't connect: TLS error -12272:Unknown code ___P 16.
slap_client_connect: URI=ldap://ldap1.eaxample.fr:389 Warning, ldap_start_tls failed (-11)
slap_client_connect: URI=ldap://ldap1.example.fr:389 ldap_sasl_interactive_bind_s failed (-6)
do_syncrepl: rid=211 rc -6 retrying
TLS: error: accept - force handshake failure: errno 11 - moznss error -12273
TLS: can't accept: TLS error -12273:Unknown code ___P 15.
Any idea?
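
An added example, not part of the thread: a small Python triage script that pulls the moznss handshake failures out of slapd debug output, decodes the two codes identified above, and shows which side of each connection saw which error. The function name `triage` and the sample log are constructed for illustration; reading "accept" as the inbound (TLS server) side and "connect" as the outbound syncrepl side is an assumption based on the log wording.

```python
import re
from collections import Counter

SSL_ERROR_BASE = -0x3000  # NSS SSL error codes count up from -12288

# Only the two codes identified in the thread; meanings follow NSS's error strings.
NSS_SSL_ERRORS = {
    -12273: ("SSL_ERROR_BAD_MAC_READ", "local side received a record with an incorrect MAC"),
    -12272: ("SSL_ERROR_BAD_MAC_ALERT", "peer reports an incorrect MAC"),
}

# Assumption: 'accept' = this slapd was the TLS server, 'connect' = it was the client.
HANDSHAKE_RE = re.compile(
    r"TLS: error: (accept|connect) - force handshake failure: "
    r"errno (\d+) - moznss error (-\d+)"
)

def triage(log_text):
    """Count failed handshakes per (role, code) and decode each code."""
    counts = Counter()
    for m in HANDSHAKE_RE.finditer(log_text):
        counts[(m.group(1), int(m.group(3)))] += 1
    report = []
    for (role, code), n in sorted(counts.items()):
        name, meaning = NSS_SSL_ERRORS.get(code, ("UNMAPPED", "not covered in the thread"))
        report.append({"role": role, "code": code, "offset": code - SSL_ERROR_BASE,
                       "name": name, "meaning": meaning, "count": n})
    return report

# Constructed sample, modelled on the slapd -d Sync output quoted in the thread.
SAMPLE_LOG = """\
TLS: error: accept - force handshake failure: errno 11 - moznss error -12273
TLS: can't accept: TLS error -12273:Unknown code ___P 15.
TLS: error: connect - force handshake failure: errno 0 - moznss error -12272
TLS: can't connect: TLS error -12272:Unknown code ___P 16.
slap_client_connect: URI=ldap://ldap2.example.fr Warning, ldap_start_tls failed (-11)
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print("{role:8} {code} (base+{offset}) {name}: {meaning} x{count}".format(**row))
```

The offsets it computes, 15 and 16, are the numbers printed after `___P` in the quoted output, and the pairing is consistent across both hosts: the accepting side rejects a record's MAC and the connecting side receives the resulting alert.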