On Fri, Oct 28, 2005 at 01:28:13PM +0200, Alessandro Morelli wrote: > When smbldap-tools (0.9.1-2) is trying to contact a slapd server using TLS, > the operation fails. > > The server (slapd_2.2.26-4.0.1 linked with libssl0.9.8_0.9.8a-2) refuses > to accept the client certificate, signalling: > > TLS trace: SSL3 alert write:fatal:protocol version > TLS trace: SSL_accept:error in SSLv3 read client certificate A > TLS: can't accept. > TLS: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number > s3_pkt.c:288 > connection_read(12): TLS accept error error=-1 id=0, closing > > Earlier in the trace: > TLS trace: SSL_accept:SSLv3 flush data > tls_read: want=5 error=Resource temporarily unavailable > TLS trace: SSL_accept:error in SSLv3 read client certificate A > TLS trace: SSL_accept:error in SSLv3 read client certificate A > > smbldap-tools has been configure to NOT offer a client certificate, so > it is plausible that libnet-ssleay-perl offers some garbage in lieu of > a certicate to the server, triggering the protocol version error.
This seems to be an ssl bug. Please upgrade libssl0.9.8 to version 0.9.8a-3 and see if this still happens. > libnet-ssleay-perl_1.25-1.1 does not exhibit this behaviour. Sounds reasonable. -1.1 is linked against libssl0.9.7. Regards, Flo
signature.asc
Description: Digital signature