Mathias Gug <mathiaz@ubuntu.com> wrote on 11/12/2009 06:13:29 PM:

To: Tomasz Welman/Poland/IBM@IBMPL
cc: openldap-technical@openldap.org
Subject: Re: Problem with ldaps:// when switching from 2.3 to 2.4
On Thu, Nov 12, 2009 at 09:17:12AM +0100, Tomasz Welman wrote:
[...]
TLS: can't connect: Decryption has failed..
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

The gnutls-cli I've launched 3 times and the error messages differ, look:

[root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p 636 bluepages.ibm.com
Processed 1 CA certificate(s).
Resolving 'bluepages.ibm.com'...
Connecting to '9.17.186.253:636'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.

[root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p 636 bluepages.ibm.com
Processed 1 CA certificate(s).
Resolving 'bluepages.ibm.com'...
Connecting to '9.17.186.253:636'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.

[root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p 636 bluepages.ibm.com
Processed 1 CA certificate(s).
Resolving 'bluepages.ibm.com'...
Connecting to '9.17.186.253:636'...
*** Fatal error: Decryption has failed.
*** Handshake has failed
GNUTLS ERROR: Decryption has failed.
Seems like there is an error with the gnutls library rather than
openldap.
Could you try to connect to the server with openssl s_client instead of gnutls-cli?
I did it in order to get this bp.cert. It's working perfectly.
What should I do now?
--
Tomasz 'Trog' Welman
Software Developer
external: 48-12-628-9449 ITN: 34819449 T/L: 9449
IBM SWG Lab, Krakow, Poland
IBM Polska Sp. z o.o. oddział w Krakowie, ul. Armii Krajowej 18, 30-150 Kraków
NIP: 526-030-07-24, KRS 0000012941
Share capital: 33.000.000 PLN