From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <Pnz.Stalker@mail.ru>
Date: Thu, 21 Apr 2005 11:15:05 +0400
From: Anton Gorlov <Pnz.Stalker@mail.ru>
X-Mailer: The Bat! (v3.0.1.33) Professional
X-Priority: 3 (Normal)
Message-ID: <1648700210.20050421111505@mail.ru>
To: community@altlinux.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: quoted-printable
Cc: Boldin Pavel <ldavinchi@inbox.ru>
Subject: [Comm] TLS SSL
X-BeenThere: community@altlinux.ru
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: community@altlinux.ru
List-Id: Mailing list for ALT Linux users <community.altlinux.ru>
List-Unsubscribe: <https://lists.altlinux.ru/mailman/listinfo/community>,
	<mailto:community-request@altlinux.ru?subject=unsubscribe>
List-Archive: <http://lists.altlinux.ru/pipermail/community>
List-Post: <mailto:community@altlinux.ru>
List-Help: <mailto:community-request@altlinux.ru?subject=help>
List-Subscribe: <https://lists.altlinux.ru/mailman/listinfo/community>,
	<mailto:community-request@altlinux.ru?subject=subscribe>
X-List-Received-Date: Thu, 21 Apr 2005 07:16:49 -0000
Archived-At: <http://lore.altlinux.org/community/1648700210.20050421111505@mail.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>

=C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, community.

=C2 =EE=E1=F9=E5=EC =EF=F0=EE=E1=EB=E5=EC=E0 =F1=F3=E4=FF =EF=EE =E2=F1=E5=
=EC=F3 =F1 =F1=E5=F0=F2=E5=F4=E8=EA=E0=F2=E0=EC=E8... =CD=EE =F2=EE=EB=FC=
=EA=EE =EF=EE=F7=E5=EC=F3 =FF
=F2=E0=EA =E8 =ED=E5 =EF=EE=ED=FF=EB.
=D1=E5=E3=EE=E4=ED=FF (=F1=E5=E9=F7=E0=F1) =F1=E3=E5=ED=E5=F0=E8=EB =ED=EE=
=E2=FB=E5 =F1=E5=F0=F2=E5=F4=E8=EA=E0=F2=FB, =EA=E0=EA =EE=EF=E8=F1=E0=ED=
=EE =ED=E0
http://volgograd.lug.ru/wiki/GrableVodstvo/
articles/OpenLdap/OpenLdapAndTlsSSL.


=CF=E5=F0=E5=E7=E0=EF=F3=F1=F2=E8=EB slapd:

[root@ring openldap]# netstat -nap | grep slapd
tcp   0   0 0.0.0.0:636    0.0.0.0:*  LISTEN   10505/slapd
unix  2   [ ]     DGRAM 34761  10505/slapd

=C4=E5=EB=E0=FE
openssl s_client -connect ring.local:636
-showcerts -state -CAfile /etc/openldap/ssl/cacert.pem

=C8 =EF=EE=EB=F3=F7=E0=FE:

CONNECTED(00000004)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=3D1 /C=3Dru/ST=3DPrivolzhskiy Region/L=3DPenza/O=3DRCC/OU=3DAdmin
/CN=3Dring.local/emailAddress=3Dgorlov@tl.ru
verify return:1
depth=3D0 /C=3Dru/ST=3DPrivolzhskiy Region/L=3DPenza/O=3DRCC/OU=3DAdmin
/CN=3Dring.local/emailAddress=3Dgorlov@tl.ru
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read finished A
10519:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
alert handshake failure:s3_pkt.c:1052:SSL alert number 40
10519:error:140790E5:SSL routines:SSL23_WRITE:
ssl handshake failure:s23_lib.c:226:

--=20
=D1 =F3=E2=E0=E6=E5=ED=E8=E5=EC,
 Anton                          mailto:Pnz.Stalker@mail.ru