* [Comm] TLS SSL
From: Anton Gorlov @ 2005-04-21 7:15 UTC (permalink / raw)
To: community; +Cc: Boldin Pavel
Hello, community.
Well, the problem appears to be with the certificates... But I still
haven't figured out why.
Today (just now) I generated new certificates, as described at
http://volgograd.lug.ru/wiki/GrableVodstvo/articles/OpenLdap/OpenLdapAndTlsSSL.
Restarted slapd:
[root@ring openldap]# netstat -nap | grep slapd
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 10505/slapd
unix 2 [ ] DGRAM 34761 10505/slapd
I run
openssl s_client -connect ring.local:636 -showcerts -state -CAfile /etc/openldap/ssl/cacert.pem
And I get:
CONNECTED(00000004)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=ru/ST=Privolzhskiy Region/L=Penza/O=RCC/OU=Admin
/CN=ring.local/emailAddress=gorlov@tl.ru
verify return:1
depth=0 /C=ru/ST=Privolzhskiy Region/L=Penza/O=RCC/OU=Admin
/CN=ring.local/emailAddress=gorlov@tl.ru
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read finished A
10519:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
alert handshake failure:s3_pkt.c:1052:SSL alert number 40
10519:error:140790E5:SSL routines:SSL23_WRITE:
ssl handshake failure:s23_lib.c:226:
--
Best regards,
Anton mailto:Pnz.Stalker@mail.ru
* Re: [Comm] TLS SSL
From: Boldin Pavel @ 2005-04-21 11:39 UTC (permalink / raw)
To: community
Anton Gorlov wrote:
> Hello, community.
So it seems it's already been set up? Or not?
P.S.: shall we write the docs?
--
Boldin Pavel aka davinchi
ldavinchi@inbox.ru or davinchi@zu.org.ru
ZU - Zagovor Unixoidov. SSAU 303.
ALT Linux Community general discussions