Hi,
In fact your LDAP server is running TLS (everything can be seen with ldapsearch 
in debug mode).
The problem comes from LDAP using the SASL mechanism. As I'm not an expert in this, I 
can just suggest you have a look at the SASL documentation. There is some sort 
of authentication before the real SSL/TLS support can be added.

...
ldap_int_sasl_open: host=CoyoteNux.netsecureone.com
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 31 bytes to sd 3
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
ldap_write: want=31, written=31
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
.....
After that is the SSL handshake....

Hope it could help.

Fred

-----Original Message-----
From:   [EMAIL PROTECTED] on behalf of Hans Moser
Sent:   Tue 3/1/2005 11:41 AM
To:     openssl-users@openssl.org
Cc:     
Subject:        Re: s_client handshake failure [checked for viruses]
Hans Moser wrote the following on 25.02.2005 13:51:
> [EMAIL PROTECTED] wrote the following on 24.02.2005 20:16:
> 
>> I think your ldap server is NOT running TLS.
> Here is my ldapsearch debug output, including
> "TLS trace: SSL_connect:SSLv3 read server certificate A":
> 
> [EMAIL PROTECTED]:/ldap> bin/ldapsearch -Z -x -d -1 -h localhost:666
> [... for details see former mail]

Is it running TLS or not?


Hans

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
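
Added example, not part of the thread: a minimal BER decoder run over the 31 bytes shown in the ber_flush dump above. It shows that the request is an LDAP ExtendedRequest whose requestName is 1.3.6.1.4.1.1466.20037, the StartTLS OID that a client sends before the TLS handshake. The function names are this example's own.

```python
# Added example: decode the 31-byte LDAP request from the ber_flush dump.
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation

# Bytes copied from the ber_flush hex dump in the message above.
DUMP = bytes.fromhex(
    "301d02010177188016312e332e362e31"
    "2e342e312e313436362e3230303337"
)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one BER element with a one-byte tag."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def describe_request(packet):
    """Parse one LDAPMessage and report the extended operation it carries."""
    tag, body, end = read_tlv(packet)
    if tag != 0x30 or end != len(packet):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    tag, msgid, pos = read_tlv(body)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    op_tag, op_body, _ = read_tlv(body, pos)
    info = {"message_id": int.from_bytes(msgid, "big"), "op_tag": op_tag}
    if op_tag == 0x77:  # [APPLICATION 23], constructed: ExtendedRequest
        name_tag, name, _ = read_tlv(op_body)
        if name_tag != 0x80:  # [0] requestName
            raise ValueError("ExtendedRequest without requestName")
        info["request_oid"] = name.decode("ascii")
        info["is_starttls"] = info["request_oid"] == STARTTLS_OID
    return info

if __name__ == "__main__":
    print(describe_request(DUMP))
```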


