On Fri, May 12, 2023 at 9:59 PM Jeffrey Walton noloader@gmail.com wrote:
terry.lemons@dell.com wrote:
Looping back to this... This smells bad, too:
    CONNECTED(00000003)
    139702302594704:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
OpenSSL 3.x does not have the s23*.c files. Confer, https://github.com/openssl/openssl/tree/master/ssl .
The last time there were s23*.c files, like s23_lib.c, was OpenSSL 1.0.2. Confer, https://github.com/openssl/openssl/tree/OpenSSL_1_0_2-stable/ssl .
When I look that error up with OpenSSL 3.0.2, I get a bogus error back:
    $ openssl errstr 0x140790E5
    error:140790E5:UI routines::reason(495845)
    $ openssl version
    OpenSSL 3.0.2 15 Mar 2022
I'm wondering if OpenLDAP was compiled and linked against one version of the OpenSSL library, but it is getting runtime-linked with another [non-binary compat] version of OpenSSL by ldd.
Are there multiple versions of OpenSSL available on that machine?
I probably should have mentioned... OpenSSL 1.0.2 is End of Life. It only supports up to TLS v1.2. But it does have full ECC support.
See how this command works for you:
    openssl s_client -tls1_2 \
        -connect ldpdd042.hop.lab.emc.com:636 ...
Jeff
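
Added example (not part of the original message): why a 3.x `openssl errstr` turns the 1.0.2-era code 0x140790E5 into "UI routines::reason(495845)". The bit layouts are assumed from the `err.h` headers of OpenSSL 1.0.2 and 3.x; the function names and the two-entry library table are constructed for illustration.

```python
# Added example: decode one packed OpenSSL error code under both layouts.
# Assumption: layouts follow err.h in OpenSSL 1.0.2 (ERR_PACK) and 3.x.

LIB_NAMES = {20: "SSL routines", 40: "UI routines"}  # ERR_LIB_SSL, ERR_LIB_UI


def decode_legacy(code):
    """OpenSSL 1.0.2 layout: 8-bit library | 12-bit function | 12-bit reason."""
    return {
        "lib": (code >> 24) & 0xFF,
        "func": (code >> 12) & 0xFFF,
        "reason": code & 0xFFF,
    }


def decode_v3(code):
    """OpenSSL 3.x layout: system flag | 8-bit library | 23-bit reason.

    There is no function field any more, so the old function bits are
    absorbed into the library and reason numbers.
    """
    if code & 0x80000000:  # ERR_SYSTEM_FLAG: remaining bits are an errno
        return {"system": True, "errno": code & 0x7FFFFFFF}
    return {"system": False, "lib": (code >> 23) & 0xFF, "reason": code & 0x7FFFFF}


def render_v3(code):
    """Format the code the way a 3.x errstr does when it has no reason string."""
    d = decode_v3(code)
    if d["system"]:
        return f"error:{code:08X}:system library::errno({d['errno']})"
    lib = LIB_NAMES.get(d["lib"], f"lib({d['lib']})")
    return f"error:{code:08X}:{lib}::reason({d['reason']})"


if __name__ == "__main__":
    code = 0x140790E5  # from the s_client output quoted in the message
    old = decode_legacy(code)
    # lib 20 is SSL; func/reason are what the quoted line names as
    # ssl23_write / ssl handshake failure
    print("1.0.2 layout:", LIB_NAMES[old["lib"]], old["func"], old["reason"])
    print("3.x layout:  ", render_v3(code))
```

A code that only decodes sensibly under the legacy layout, as this one does, indicates the message was produced by a pre-3.x libssl, whatever the `openssl` binary on the PATH reports.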