Re: Problem with SSL/TLS on CentOS 7 after upgrading to 2.4.59

21 Oct 2021


      Thank you for the reply:
Here it is:
# ldapwhoami -H ldaps://ldap.noa.gr:636 -x -d -1
ldap_url_parse_ext(ldaps://ldap.noa.gr:636)
ldap_create
ldap_url_parse_ext(ldaps://ldap.noa.gr:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.noa.gr:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 2001:648:2011:10::234 636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
TLS trace: SSL_connect:before/connect initialization
tls_write: want=289, written=289
   0000:  16 03 01 01 1c 01 00 01  18 03 03 18 6f 98 e6 4e ............o..N
   0010:  cb a4 18 3c d7 ea 88 43  1d 28 de ef 3c d9 a0 5a ...<...C.(..<..Z
   0020:  8b a4 cb a1 eb 4b be 96  7f 5a 78 00 00 ac c0 30 .....K...Zx....0
   0030:  c0 2c c0 28 c0 24 c0 14  c0 0a 00 a5 00 a3 00 a1 .,.(.$..........
   0040:  00 9f 00 6b 00 6a 00 69  00 68 00 39 00 38 00 37 ...k.j.i.h.9.8.7
   0050:  00 36 00 88 00 87 00 86  00 85 c0 32 c0 2e c0 2a .6.........2...*
   0060:  c0 26 c0 0f c0 05 00 9d  00 3d 00 35 00 84 c0 2f .&.......=.5.../
   0070:  c0 2b c0 27 c0 23 c0 13  c0 09 00 a4 00 a2 00 a0 .+.'.#..........
   0080:  00 9e 00 67 00 40 00 3f  00 3e 00 33 00 32 00 31 ...g.@.?.>.3.2.1
   0090:  00 30 00 9a 00 99 00 98  00 97 00 45 00 44 00 43 .0.........E.D.C
   00a0:  00 42 c0 31 c0 2d c0 29  c0 25 c0 0e c0 04 00 9c .B.1.-.).%......
   00b0:  00 3c 00 2f 00 96 00 41  c0 12 c0 08 00 16 00 13 .<./...A........
   00c0:  00 10 00 0d c0 0d c0 03  00 0a 00 07 c0 11 c0 07 ................
   00d0:  c0 0c c0 02 00 05 00 04  00 ff 01 00 00 43 00 0b .............C..
   00e0:  00 04 03 00 01 02 00 0a  00 0a 00 08 00 17 00 19 ................
   00f0:  00 18 00 16 00 23 00 00  00 0d 00 20 00 1e 06 01 .....#..... ....
   0100:  06 02 06 03 05 01 05 02  05 03 04 01 04 02 04 03 ................
   0110:  03 01 03 02 03 03 02 01  02 02 02 03 00 0f 00 01 ................
   0120:  01                                                 .
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=7
   0000:  16 03 03 00 3a 02 00 ....:..
tls_read: want=56, got=56
   0000:  00 36 03 03 0b 75 dd 97  fc f5 46 4d 2c ec d5 a5 .6...u....FM,...
   0010:  8b af e0 e1 df 40 58 d1  15 96 12 27 70 24 d7 24 .....@X....'p$.$
   0020:  30 5d 7d ed 00 00 9d 00  00 0e ff 01 00 01 00 00 0]}.............
   0030:  23 00 00 00 0f 00 01 01 #.......
TLS trace: SSL_connect:SSLv3 read server hello A
tls_read: want=5, got=5
   0000:  16 03 03 08 8c .....
tls_read: want=2188, got=2188
   0000:  0b 00 08 88 00 08 85 00  08 82 30 82 08 7e 30 82 ..........0..~0.
   0010:  06 66 a0 03 02 01 02 02  11 00 93 7d a9 90 df b3 .f.........}....
   0020:  39 42 b7 c4 88 39 d4 c6  c7 10 30 0d 06 09 2a 86 9B...9....0...*.
   0030:  48 86 f7 0d 01 01 0c 05  00 30 44 31 0b 30 09 06 H........0D1.0..
   0040:  03 55 04 06 13 02 4e 4c  31 19 30 17 06 03 55 04 .U....NL1.0...U.
   0050:  0a 13 10 47 45 41 4e 54  20 56 65 72 65 6e 69 67 ...GEANT Verenig
   0060:  69 6e 67 31 1a 30 18 06  03 55 04 03 13 11 47 45 ing1.0...U....GE
   0070:  41 4e 54 20 4f 56 20 52  53 41 20 43 41 20 34 30   ANT OV RSA 
CA 40
   0080:  1e 17 0d 32 31 30 38 32  30 30 30 30 30 30 30 5a ...210820000000Z
   0090:  17 0d 32 32 30 38 32 30  32 33 35 39 35 39 5a 30 ..220820235959Z0
   00a0:  70 31 0b 30 09 06 03 55  04 06 13 02 47 52 31 10 p1.0...U....GR1.
   00b0:  30 0e 06 03 55 04 08 0c  07 41 74 74 69 6b c3 ad 0...U....Attik..
   00c0:  31 0f 30 0d 06 03 55 04  07 13 06 41 74 68 65 6e 1.0...U....Athen
   00d0:  73 31 27 30 25 06 03 55  04 0a 13 1e 4e 61 74 69 s1'0%..U....Nati
   00e0:  6f 6e 61 6c 20 4f 62 73  65 72 76 61 74 6f 72 79   onal 
Observatory
   00f0:  20 6f 66 20 41 74 68 65  6e 73 31 15 30 13 06 03    of 
Athens1.0...
   0100:  55 04 03 13 0c 6c 64 61  70 31 2e 6e 6f 61 2e 67 U....ldap1.noa.g
   0110:  72 30 82 02 22 30 0d 06  09 2a 86 48 86 f7 0d 01 r0.."0...*.H....
   0120:  01 01 05 00 03 82 02 0f  00 30 82 02 0a 02 82 02 .........0......
   0130:  01 00 ae 7f b9 26 59 5c  79 c8 c5 cb a2 dd fa 81 .....&Y\y.......
   0140:  d9 04 5a 86 07 e9 64 bd  2e 8a 72 ab d8 27 43 a8 ..Z...d...r..'C.
   0150:  6c 90 4f 18 88 ab 1b 9f  47 84 1f 23 28 85 ba 0c l.O.....G..#(...
   0160:  a4 18 3a 0c 81 dc 51 78  2a 66 22 fb 96 e8 81 eb ..:...Qx*f".....
   0170:  57 1a 98 dc 44 f2 96 9b  36 b6 ab 35 d1 ae af de W...D...6..5....
   0180:  84 84 47 b4 93 82 17 44  b4 83 d3 9c 16 0a 05 37 ..G....D.......7
   0190:  a6 50 3a f2 5e 72 d7 34  63 28 db 1d 4e 60 d8 db .P:.^r.4c(..N`..
   01a0:  21 1b 91 74 b5 16 6b d2  fe 2a 00 74 a8 1e b9 6b !..t..k..*.t...k
   01b0:  1c 0e 5d 7e 14 1b aa 2e  50 9d fa c4 45 3f d1 97 ..]~....P...E?..
   01c0:  06 a8 ba c2 00 ee 07 d3  f9 45 59 3a b9 95 b2 4b .........EY:...K
   01d0:  de fb 1e 35 c4 94 a4 3b  b3 68 b9 14 52 a9 2a dc ...5...;.h..R.*.
   01e0:  1a e2 a8 95 86 b7 15 22  78 a5 30 27 39 e9 f6 a7 ......."x.0'9...
   01f0:  e8 e1 ee f2 89 fa df 49  06 7f 6d c3 d0 43 7e 7f .......I..m..C~.
   0200:  8f ef 2f 05 84 52 f3 55  19 fd 20 0c f2 fd 68 93 ../..R.U.. ...h.
   0210:  78 d6 a4 85 0e 56 86 6f  81 82 8d 1b 4f 40 fa e2 x....V.o....O@..
   0220:  56 13 84 9d c6 f5 ca d7  49 8d 6f 7b 85 4f 93 6f V.......I.o{.O.o
   0230:  cd 62 9a 67 3b fc 6a 78  37 10 b6 40 b0 2c c6 6a .b.g;.jx7..@.,.j
   0240:  73 c0 a0 26 8e 31 e2 25  47 29 e2 89 45 ae f0 ac s..&.1.%G)..E...
   0250:  98 7b 41 9e c9 1b 0d 8b  ac 2a 2f fd 85 2a fc 7a .{A......*/..*.z
   0260:  56 4a bf 0c 74 51 be da  ba 69 da 28 32 7e 3c 1c VJ..tQ...i.(2~<.
   0270:  92 b9 a8 e3 24 9d 08 ad  15 9b 7a dc 4d 01 97 95 ....$.....z.M...
   0280:  75 40 38 e2 52 b8 61 46  e3 d6 d6 65 2c 8b 5b 40 u@8.R.aF...e,.[@
   0290:  0b dc 7d fd f2 52 28 0f  40 94 f0 13 b6 f3 4a 3e ..}..R(.@.....J>
   02a0:  d8 d2 aa 5a 63 44 12 9b  ab ea bf d8 25 0f bf 6f ...ZcD......%..o
   02b0:  d7 b8 8c fe 06 60 f3 50  da 08 5d d8 ca 4e 5e 7c .....`.P..]..N^|
   02c0:  82 1e 10 35 22 5a b3 53  66 10 05 be 9a 3f df 57 ...5"Z.Sf....?.W
   02d0:  d3 9f 9a a2 12 ff a4 b5  c0 7b f2 d2 5b d7 24 8c .........{..[.$.
   02e0:  9d 96 7c 1c 72 c6 5c 69  89 4e 0c f5 f0 53 a5 2c ..|.r.\i.N...S.,
   02f0:  67 cf c4 5a 32 dd a8 c4  24 ba 17 9a 4c 3b 62 6b g..Z2...$...L;bk
   0300:  3b 77 ec 7d 24 e9 14 1b  1a d3 7c e5 22 9a df d7 ;w.}$.....|."...
   0310:  00 ba 6a 34 7f 58 c3 db  fc ae 59 a1 b8 72 9b 37 ..j4.X....Y..r.7
   0320:  25 2f 87 b6 6a 74 a8 c8  dc 35 21 4f d6 70 18 21 %/..jt...5!O.p.!
   0330:  77 df 02 03 01 00 01 a3  82 03 3d 30 82 03 39 30 w.........=0..90
   0340:  1f 06 03 55 1d 23 04 18  30 16 80 14 6f 1d 35 49 ...U.#..0...o.5I
   0350:  10 6c 32 fa 59 a0 9e bc  8a e8 1f 95 be 71 7a 0c .l2.Y........qz.
   0360:  30 1d 06 03 55 1d 0e 04  16 04 14 77 82 ee 7e 11 0...U......w..~.
   0370:  04 87 18 01 19 95 1e 11  70 db fd a9 67 55 2d 30 ........p...gU-0
   0380:  0e 06 03 55 1d 0f 01 01  ff 04 04 03 02 05 a0 30 ...U...........0
   0390:  0c 06 03 55 1d 13 01 01  ff 04 02 30 00 30 1d 06 ...U.......0.0..
   03a0:  03 55 1d 25 04 16 30 14  06 08 2b 06 01 05 05 07 .U.%..0...+.....
   03b0:  03 01 06 08 2b 06 01 05  05 07 03 02 30 49 06 03 ....+.......0I..
   03c0:  55 1d 20 04 42 30 40 30  34 06 0b 2b 06 01 04 01   U. 
.B0@04..+....
   03d0:  b2 31 01 02 02 4f 30 25  30 23 06 08 2b 06 01 05 .1...O0%0#..+...
   03e0:  05 07 02 01 16 17 68 74  74 70 73 3a 2f 2f 73 65 ......https://se
   03f0:  63 74 69 67 6f 2e 63 6f  6d 2f 43 50 53 30 08 06 ctigo.com/CPS0..
   0400:  06 67 81 0c 01 02 02 30  3f 06 03 55 1d 1f 04 38 .g.....0?..U...8
   0410:  30 36 30 34 a0 32 a0 30  86 2e 68 74 74 70 3a 2f 0604.2.0..http:/
   0420:  2f 47 45 41 4e 54 2e 63  72 6c 2e 73 65 63 74 69 /GEANT.crl.secti
   0430:  67 6f 2e 63 6f 6d 2f 47  45 41 4e 54 4f 56 52 53 go.com/GEANTOVRS
   0440:  41 43 41 34 2e 63 72 6c  30 75 06 08 2b 06 01 05 ACA4.crl0u..+...
   0450:  05 07 01 01 04 69 30 67  30 3a 06 08 2b 06 01 05 .....i0g0:..+...
   0460:  05 07 30 02 86 2e 68 74  74 70 3a 2f 2f 47 45 41 ..0...http://GEA
   0470:  4e 54 2e 63 72 74 2e 73  65 63 74 69 67 6f 2e 63 NT.crt.sectigo.c
   0480:  6f 6d 2f 47 45 41 4e 54  4f 56 52 53 41 43 41 34 om/GEANTOVRSACA4
   0490:  2e 63 72 74 30 29 06 08  2b 06 01 05 05 07 30 01 .crt0)..+.....0.
   04a0:  86 1d 68 74 74 70 3a 2f  2f 47 45 41 4e 54 2e 6f ..http://GEANT.o
   04b0:  63 73 70 2e 73 65 63 74  69 67 6f 2e 63 6f 6d 30 csp.sectigo.com0
   04c0:  82 01 7e 06 0a 2b 06 01  04 01 d6 79 02 04 02 04 ..~..+.....y....
   04d0:  82 01 6e 04 82 01 6a 01  68 00 77 00 46 a5 55 eb ..n...j.h.w.F.U.
   04e0:  75 fa 91 20 30 b5 a2 89  69 f4 f3 7d 11 2c 41 74   u.. 
0...i..}.,At
   04f0:  be fd 49 b8 85 ab f2 fc  70 fe 6d 47 00 00 01 7b ..I.....p.mG...{
   0500:  64 a7 b0 14 00 00 04 03  00 48 30 46 02 21 00 9b d........H0F.!..
   0510:  56 73 ce 1b 17 33 80 20  4d e5 4f d2 be a2 5d 35 Vs...3. M.O...]5
   0520:  33 36 d0 14 8c db 33 55  2d 7b 1d d3 62 ad f7 02 36....3U-{..b...
   0530:  21 00 e9 10 ff 14 71 31  ec 71 83 70 ae 06 4f da !.....q1.q.p..O.
   0540:  17 9f c4 56 aa e5 f6 fc  f6 b6 f3 a7 f9 9d f7 11 ...V............
   0550:  7d e8 00 76 00 41 c8 ca  b1 df 22 46 4a 10 c6 a1 }..v.A...."FJ...
   0560:  3a 09 42 87 5e 4e 31 8b  1b 03 eb eb 4b c7 68 f0 :.B.^N1.....K.h.
   0570:  90 62 96 06 f6 00 00 01  7b 64 a7 b1 23 00 00 04 .b......{d..#...
   0580:  03 00 47 30 45 02 20 20  57 7a 5e 8d eb 75 03 39 ..G0E.  Wz^..u.9
   0590:  57 32 a0 9a ef ac db 45  28 ae f7 2b 76 60 87 0d W2.....E(..+v`..
   05a0:  1c 2d 47 4f bf a3 91 02  21 00 88 2e cf 09 53 19 .-GO....!.....S.
   05b0:  49 f1 b0 2d f4 89 92 ea  12 c1 9a 03 bc 62 2b d7 I..-.........b+.
   05c0:  16 51 02 f2 42 1e cb 6e  58 ce 00 75 00 29 79 be .Q..B..nX..u.)y.
   05d0:  f0 9e 39 39 21 f0 56 73  9f 63 a5 77 e5 be 57 7d ..99!.Vs.c.w..W}
   05e0:  9c 60 0a f8 f9 4d 5d 26  5c 25 5d c7 84 00 00 01 .`...M]&%].....
   05f0:  7b 64 a7 af f5 00 00 04  03 00 46 30 44 02 20 5f {d........F0D. _
   0600:  b0 93 d9 f8 74 af 1d a7  26 f2 67 a0 dc 0e 59 c0 ....t...&.g...Y.
   0610:  2e ce 3c 30 a7 b1 6f 6e  c9 b8 6e 95 23 09 c5 02 ..<0..on..n.#...
   0620:  20 51 b4 4d 58 3f aa a6  75 4b dd 55 49 7e f0 c6 Q.MX?..uK.UI~..
   0630:  29 a9 59 62 7f 06 2d 5d  c7 4f dd d9 3b b6 31 3e ).Yb..-].O..;.1>
   0640:  9b 30 35 06 03 55 1d 11  04 2e 30 2c 82 0c 6c 64 .05..U....0,..ld
   0650:  61 70 31 2e 6e 6f 61 2e  67 72 82 0f 6b 65 72 62 ap1.noa.gr..kerb
   0660:  65 72 6f 73 2e 6e 6f 61  2e 67 72 82 0b 6c 64 61 eros.noa.gr..lda
   0670:  70 2e 6e 6f 61 2e 67 72  30 0d 06 09 2a 86 48 86 p.noa.gr0...*.H.
   0680:  f7 0d 01 01 0c 05 00 03  82 02 01 00 50 60 0c a6 ............P`..
   0690:  03 55 61 c3 0d f0 bf ef  0b 5f 65 05 2e 21 a5 46 .Ua......_e..!.F
   06a0:  16 b6 29 00 8d 5b 6e 43  6a e6 45 e3 7b b2 25 5a ..)..[nCj.E.{.%Z
   06b0:  39 d0 f3 c9 2a 94 f7 14  a4 0c 91 dd bf 09 7d 2e 9...*.........}.
   06c0:  56 13 7c 67 37 0e a3 b0  7a 81 a4 7d 69 a2 49 dd V.|g7...z..}i.I.
   06d0:  23 97 b6 f1 e0 7f a6 69  a8 fc 08 66 86 a8 e7 56 #......i...f...V
   06e0:  b5 4c 20 82 42 e7 63 29  ca a5 91 2f c8 88 79 2a   .L 
.B.c).../..y*
   06f0:  d4 bc 2a 95 38 e4 4b 9f  a3 2f 85 41 b9 46 50 d0 ..*.8.K../.A.FP.
   0700:  6a 2a 41 c0 72 4c 33 ab  24 69 ea 13 74 48 31 6c j*A.rL3.$i..tH1l
   0710:  2b c1 97 ab bc be d2 7d  17 30 2a 7e fe fc df a9 +......}.0*~....
   0720:  af 8b 5a 89 45 71 e4 d1  ec 57 d9 6f ef f9 3b db ..Z.Eq...W.o..;.
   0730:  e0 ad e4 68 b0 21 50 65  27 e3 fa 8e 32 e6 d6 c6 ...h.!Pe'...2...
   0740:  7e c8 f7 ed 2f 0e 90 0f  9a ce 0a 4e c4 aa 34 e7 ~.../......N..4.
   0750:  b5 81 58 05 41 ba 23 57  56 ef 94 a9 45 18 d4 5b ..X.A.#WV...E..[
   0760:  6d 1f 38 ba 0f 76 7a 69  c1 21 01 38 61 60 96 5c m.8..vzi.!.8a`.\
   0770:  16 e4 b7 d7 fa d1 4b 74  e8 8a 70 6e eb d7 88 dc ......Kt..pn....
   0780:  a7 dd 45 d3 8c d3 53 b4  44 60 48 42 58 68 12 0f ..E...S.D`HBXh..
   0790:  2f 7a 90 5f 34 43 54 f1  d1 f5 f3 52 1e 3c 78 17 /z._4CT....R.<x.
   07a0:  4e 68 80 f6 9b cc 44 66  6f 12 f3 bc b1 81 ea 30 Nh....Dfo......0
   07b0:  9f 9f 48 1b 76 b7 b0 5c  aa 7d 52 f7 9f f7 a5 66 ..H.v...}R....f
   07c0:  6f 3a bf 3f 4e dc 6c 89  0d f1 8b 20 bc 18 a0 dd o:.?N.l.... ....
   07d0:  f7 21 a7 8b cb bf b4 af  c0 9f bc 58 10 5e 52 fa .!.........X.^R.
   07e0:  1e af 6e b7 9b 0d 36 4b  b0 eb 60 62 df 0f 49 88 ..n...6K..`b..I.
   07f0:  ed 0e 08 b5 7f 0b 72 a4  e6 3b 28 97 83 46 e1 a5 ......r..;(..F..
   0800:  97 c1 32 c1 b4 a8 b1 c6  d1 75 4f f2 4b 9c 1e d3 ..2......uO.K...
   0810:  1d 68 72 b9 af fe ad 3c  49 18 95 ec c2 ea f6 07 .hr....<I.......
   0820:  08 24 20 93 61 c7 06 70  dd f9 3b 45 00 2c 10 f5   .$ 
.a..p..;E.,..
   0830:  0a 4d c1 a7 db b2 b9 04  6a 82 bc 1a ae b2 7c d7 .M......j.....|.
   0840:  12 70 94 a2 cb a7 f9 c8  57 8e 76 69 cb 8a d8 e6 .p......W.vi....
   0850:  4d 1f 31 3d 9c 19 95 f3  66 d9 a1 11 9a b3 b5 1d M.1=....f.......
   0860:  7a af 3e e9 ee d5 56 39  cf 73 01 4a 2c e1 f3 7e z.>...V9.s.J,..~
   0870:  c7 f3 af f6 74 b9 06 f4  5b 1f 4c 73 4f 93 45 a1 ....t...[.LsO.E.
   0880:  57 d2 f3 1a 16 6e 37 d3  69 c5 da 42 W....n7.i..B
TLS certificate verification: depth: 0, err: 20, subject: 
/C=GR/ST=Attik\xC3\xAD/L=Athens/O=National Observatory of 
Athens/CN=ldap1.noa.gr, issuer: /C=NL/O=GEANT Vereniging/CN=GEANT OV RSA 
CA 4
TLS certificate verification: Error, unable to get local issuer certificate
tls_write: want=7, written=7
   0000:  15 03 03 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in error
TLS trace: SSL_connect:error in error
TLS: can't connect: error:14090086:SSL 
routines:ssl3_get_server_certificate:certificate verify failed (unable 
to get local issuer certificate).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
I also set slapd to run with params: "-d -1". Here is the log:
# systemctl restart slapd
Job for slapd.service failed because a timeout was exceeded. See 
"systemctl status slapd.service" and "journalctl -xe" for details.
From the journal, some excerpts (it is very long):
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: TLS trace: 
SSL_accept:SSLv3 flush data
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: TLS trace: 
SSL_accept:SSLv3 read client certificate A
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: tls_read: want=5 
error=Resource temporarily unavailable
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: TLS trace: 
SSL_accept:error in SSLv3 read client key exchange A
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: TLS trace: 
SSL_accept:error in SSLv3 read client key exchange A
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: activity 
on 1 descriptor
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: activity on:
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: epoll: 
listen=7 active_threads=0 tvp=NULL
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: epoll: 
listen=8 active_threads=0 tvp=NULL
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: epoll: 
listen=9 active_threads=0 tvp=NULL
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: epoll: 
listen=10 active_threads=0 tvp=NULL
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: epoll: 
listen=11 active_threads=0 tvp=NULL
Oct 21 18:30:42 ldap.noa.gr slapd[24898]: conn=1001 fd=15 closed (TLS 
negotiation failure)
...
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: activity 
on 1 descriptor
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: activity on:
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: epoll: 
listen=7 active_threads=0 tvp=NULL
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: epoll: 
listen=8 active_threads=0 tvp=NULL
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: epoll: 
listen=9 active_threads=0 tvp=NULL
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: epoll: 
listen=10 active_threads=0 tvp=NULL
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: epoll: 
listen=11 active_threads=0 tvp=NULL
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 connection_get(15)
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 
connection_get(15): got connid=1001
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 
connection_read(15): checking for input on id=1001
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: tls_read: want=5, got=5
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 0000:  15 03 03 00 
02                                     .....
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: tls_read: want=2, got=2
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 0000:  02 
30                                              .0
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: TLS trace: SSL3 alert 
read:fatal:unknown CA
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: TLS trace: 
SSL_accept:failed in error
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: TLS: can't accept: 
error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca.
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 
connection_read(15): TLS accept failure error=-1 id=1001, closing
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 
connection_closing: readying conn=1001 sd=15 for close
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 connection_close: 
conn=1001 sd=15
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 daemon: removing 15
Oct 21 18:30:42 ldap.noa.gr slapd-cli[24796]: 617187a2 conn=1001 fd=15 
closed (TLS negotiation failure)
It shows that the CA/cert has issues. Yet, everything was working fine 
until last upgrade!
Nick
On 21/10/2021 6:20 μ.μ., Howard Chu wrote:
...
Run ldapwhoami with -d -1. Also run slapd with -d -1.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: Problem with SSL/TLS on CentOS 7 after upgrading to 2.4.59