From: Pavel Wolneykien <manowar@altlinux.org>
To: "Anton Gorlov" <stalker@altlinux.ru>
Cc: devel@lists.altlinux.org, ldv@altlinux.org
Subject: [devel] NSS_LDAP + TLS
Date: Tue, 28 Oct 2008 23:25:16 +0300
Message-ID: <20081028232516.12662@dinkum-thinkum.spb.altlinux.org>

Hello, hi everyone,

There is a small problem with nss_ldap (nss_ldap-252-alt2). Requesting data through NSS leads to an endless (with more iterations than I have patience for :) ) loop of reconnections to the LDAP server when TLS (StartTLS) is used and an attempt is made to verify the server certificate. Meanwhile pam_ldap works perfectly well in the same configuration. No errors are visible in the LDAP server log (slapd -d1) (the client connected, the TLS connection was established, the client dropped the connection, and so on).

As I understand it, both pam_ldap and nss_ldap use the libldap library and both are sensitive to the parameters set in /etc/openldap/ldap.conf. In addition, both pam_ldap and nss_ldap have their own configuration files, which are compatible with each other (/etc/pam_ldap.conf and /etc/nss_ldap.conf).

So, when the main file /etc/openldap/ldap.conf specifies a trusted CA certificate (the TLS_CACERT parameter) and verification is permitted (TLS_REQCERT allow), and the configuration files pam_ldap.conf and nss_ldap.conf specify 'ssl start_tls', pam_ldap works normally (and the certificate passes verification), whereas a query through nss (for example `/usr/bin/id`) leads to the reconnection loop.

At the moment I work around this problem by setting the parameter 'tls_checkpeer no' in /etc/nss_ldap.conf, i.e. by disabling certificate verification specifically for nss_ldap. In this case nss_ldap (`id`) works normally.

I tried specifying the certificate directly in nss_ldap.conf itself, and other variants, but it looks like any attempt to establish a TLS connection from nss_ldap with verification ends in an error.

I would like to know:

1) Is there a ready-made recipe for solving this problem?

2) Is there some way (without resorting to a debugger :) ) to find out what exactly makes nss_ldap reconnect; is it possible to somehow enable debug output from nss_ldap (if it provides any...)?

Finally, here are fragments of the configuration files and the logs of the server and the client (slapd and nss_ldap (`id`)).

Pavel.

$ sudo grep '^[^#].*' /etc/openldap/ldap.conf
TLS_CACERT /etc/openssl/cacert.pem
TLS_REQCERT demand
URI ldap:/// ldaps:///

$ sudo grep '^[^#].*' /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/ppolicy.schema
allow bind_v2
concurrency 20
gentlehup on
sizelimit -1
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
replica-pidfile /var/run/slurpd.pid
replica-argsfile /var/run/slurpd.args
rootDSE /etc/openldap/rootdse.ldif
TLSCACertificateFile /etc/openldap/ssl/cacert.pem
TLSCertificateFile /etc/openldap/ssl/server.pem
TLSCertificateKeyFile /etc/openldap/ssl/server.pem
access to dn.exact="" by * read
access to dn.subtree="cn=Subschema" by * read
access to attrs=userPassword by self write by anonymous auth by * none
modulepath /usr/lib/openldap
moduleload back_hdb.la
moduleload back_monitor.la
moduleload back_null.la
moduleload ppolicy.la
moduleload syncprov.la
include /etc/openldap/schema/ism.schema
include /etc/openldap/slapd-hdb-spb.altlinux.org.conf

$ sudo diff -su /etc/openssl/cacert.pem /etc/openldap/ssl/cacert.pem
Files /etc/openssl/cacert.pem and /etc/openldap/ssl/cacert.pem are identical

$ sudo grep '^[^#].*' /etc/pam_ldap.conf
host 10.1.1.52 10.1.1.4
base dc=spb,dc=altlinux,dc=org
timelimit 5
bind_timelimit 5
ssl start_tls

$ sudo grep '^[^#].*' /etc/nss_ldap.conf
host 10.1.1.52 10.1.1.4
base dc=spb,dc=altlinux,dc=org
timelimit 5
bind_timelimit 5
ssl start_tls

$ sudo grep '^[^#].*' /etc/nsswitch.conf
passwd: files ldap nisplus nis
shadow: tcb files ldap nisplus nis
group: files ldap nisplus nis
hosts: files nisplus nis dns
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
bootparams: nisplus [NOTFOUND=return] files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus

$ sudo tail -85 /var/log/syslog/messages
Oct 28 22:59:15 dinkum-thinkum slapd[12419]: slapd starting
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=0 fd=12 ACCEPT from IP=10.1.1.52:57743 (IP=0.0.0.0:389)
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=0 op=0 STARTTLS
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=0 op=0 RESULT oid= err=0 text=
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=0 fd=12 TLS established tls_ssf=256 ssf=256
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=0 op=1 BIND dn="" method=128
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=0 op=1 RESULT tag=97 err=0 text=
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=0 op=2 SRCH base="dc=spb,dc=altlinux,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=-))"
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=0 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Oct 28 22:59:16 dinkum-thinkum id: nss_ldap: reconnected to LDAP server ldap://10.1.1.52 after 5 attempts
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=0 fd=12 closed (connection lost)
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=1 fd=12 ACCEPT from IP=10.1.1.52:57745 (IP=0.0.0.0:389)
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=1 op=0 STARTTLS
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=1 op=0 RESULT oid= err=0 text=
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=1 fd=12 TLS established tls_ssf=256 ssf=256
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=1 op=1 UNBIND
Oct 28 22:59:16 dinkum-thinkum slapd[12419]: conn=1 fd=12 closed
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=2 fd=12 ACCEPT from IP=10.1.1.52:57762 (IP=0.0.0.0:389)
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=2 op=0 STARTTLS
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=2 op=0 RESULT oid= err=0 text=
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=2 fd=12 TLS established tls_ssf=256 ssf=256
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=2 op=1 UNBIND
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=2 fd=12 closed
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=3 fd=12 ACCEPT from IP=10.1.1.52:57765 (IP=0.0.0.0:389)
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=4 fd=15 ACCEPT from IP=10.1.1.52:57766 (IP=0.0.0.0:389)
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=3 op=0 STARTTLS
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=3 op=0 RESULT oid= err=0 text=
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=4 op=0 STARTTLS
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=4 op=0 RESULT oid= err=0 text=
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=3 fd=12 TLS established tls_ssf=256 ssf=256
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=4 fd=15 TLS established tls_ssf=256 ssf=256
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=3 op=1 UNBIND
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=3 fd=12 closed
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=4 op=1 UNBIND
Oct 28 22:59:19 dinkum-thinkum slapd[12419]: conn=4 fd=15 closed
Oct 28 22:59:22 dinkum-thinkum su[12425]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Oct 28 22:59:22 dinkum-thinkum id: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
...
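
In the syslog excerpt quoted in the message, the reconnection loop shows up as slapd connections that complete StartTLS and then UNBIND without a single BIND or SRCH. As an added example (not part of the original message, and not nss_ldap or OpenLDAP code), this Python script groups slapd log lines by conn= and flags that pattern; the sample log, the function names and the threshold of three consecutive connections are assumptions.

```python
import re

# Constructed sample in the slapd/nss_ldap syslog format quoted in the message
# above; host name, PIDs, base DN and the 192.0.2.10 address are made up.
SAMPLE_LOG = """\
Oct 28 22:59:16 ldap1 slapd[100]: conn=0 fd=12 ACCEPT from IP=192.0.2.10:40000 (IP=0.0.0.0:389)
Oct 28 22:59:16 ldap1 slapd[100]: conn=0 op=0 STARTTLS
Oct 28 22:59:16 ldap1 slapd[100]: conn=0 fd=12 TLS established tls_ssf=256 ssf=256
Oct 28 22:59:16 ldap1 slapd[100]: conn=0 op=1 BIND dn="" method=128
Oct 28 22:59:16 ldap1 slapd[100]: conn=0 op=2 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(uid=-)"
Oct 28 22:59:16 ldap1 slapd[100]: conn=0 fd=12 closed (connection lost)
Oct 28 22:59:16 ldap1 slapd[100]: conn=1 op=0 STARTTLS
Oct 28 22:59:16 ldap1 slapd[100]: conn=1 fd=12 TLS established tls_ssf=256 ssf=256
Oct 28 22:59:16 ldap1 slapd[100]: conn=1 op=1 UNBIND
Oct 28 22:59:19 ldap1 slapd[100]: conn=2 op=0 STARTTLS
Oct 28 22:59:19 ldap1 slapd[100]: conn=3 op=0 STARTTLS
Oct 28 22:59:19 ldap1 slapd[100]: conn=2 fd=12 TLS established tls_ssf=256 ssf=256
Oct 28 22:59:19 ldap1 slapd[100]: conn=3 fd=15 TLS established tls_ssf=256 ssf=256
Oct 28 22:59:19 ldap1 slapd[100]: conn=2 op=1 UNBIND
Oct 28 22:59:19 ldap1 slapd[100]: conn=3 op=1 UNBIND
Oct 28 22:59:22 ldap1 id: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Oct 28 22:59:22 ldap1 su[101]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
"""

# "conn=N fd=M KEYWORD ..." or "conn=N op=M KEYWORD ..." as logged by slapd.
SLAPD_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd|op)=\d+ (\S+)")
# Client-side retry messages ("reconnecting ..." / "reconnected ...").
NSS_RE = re.compile(r": nss_ldap: reconnect(?:ing|ed) to LDAP server")


def parse_connections(log_text):
    """Map each slapd connection id to its ordered list of event keywords."""
    conns = {}
    for line in log_text.splitlines():
        m = SLAPD_RE.search(line)
        if m:
            conns.setdefault(int(m.group(1)), []).append(m.group(2))
    return conns


def classify(events):
    """Label one connection by what the client did after StartTLS."""
    seen = set(events)
    if seen & {"BIND", "SRCH"}:
        return "served"            # the client actually asked for data
    if "TLS" in seen and "UNBIND" in seen:
        return "tls-then-unbind"   # handshake completed, then the client left
    return "incomplete"


def summarize(log_text, threshold=3):
    """Per-connection verdicts plus a flag for a run of handshake-only conns."""
    verdicts = {cid: classify(ev)
                for cid, ev in parse_connections(log_text).items()}
    run = longest = 0
    for cid in sorted(verdicts):   # slapd hands out conn ids in accept order
        run = run + 1 if verdicts[cid] == "tls-then-unbind" else 0
        longest = max(longest, run)
    retries = sum(1 for line in log_text.splitlines() if NSS_RE.search(line))
    return {
        "verdicts": verdicts,
        "longest_idle_run": longest,
        "nss_ldap_retry_msgs": retries,
        "reconnect_loop": longest >= threshold,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```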