[Help-gnutls] Re: OpenLDAP related flaw in GnuTLS

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Re: OpenLDAP related flaw in GnuTLS

From:	Simon Josefsson
Subject:	[Help-gnutls] Re: OpenLDAP related flaw in GnuTLS
Date:	Thu, 13 Nov 2008 09:37:52 +0100
User-agent:	Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.60 (gnu/linux)

I'm adding the address@hidden list to the discussion.

Bejoy Abraham Mathews <address@hidden> writes:

> This is the output from "slapd -d -1"
>
> tls_read: want=5, got=0
>
> TLS: can't accept: A TLS packet with unexpected length was received..
> connection_read(13): TLS accept failure error=-1 id=1, closing
> connection_closing: readying conn=1 sd=13 for close
> connection_close: conn=1 sd=13
> daemon: removing 13
> conn=1 fd=13 closed (TLS negotiation failure)

Is there any way to enable GnuTLS debugging in OpenLDAP?  We need more
information to debug this.

What client is connecting to your slapd server above?  Are you sure the
client is configured properly?  What error messages does the client print?

/Simon

>
>
>
>
>
> ________________________________
> From: Bejoy Abraham Mathews <address@hidden>
> To: Simon Josefsson <address@hidden>
> Sent: Wednesday, 12 November, 2008 8:02:10 PM
> Subject: Re: OpenLDAP related flaw in GnuTLS
>
>
> I don't find any errors in compilation of OpenLDAP using --with-tls=gnutls. 
> But I don't know to read the StartTLS option. It is not reading the 
> certificates. Showing TLS handshake error :(
>
>
>
>
> ________________________________
> From: Bejoy Abraham Mathews <address@hidden>
> To: Simon Josefsson <address@hidden>
> Sent: Wednesday, 12 November, 2008 6:12:01 PM
> Subject: Re: OpenLDAP related flaw in GnuTLS
>
>
> Thanks for the advice Simon. I tried sending to it straight in the beginning 
> - but that mail got rejected. Anyway, when I do get a solution - I will send 
> one straight CCg you.
>
> With Regards
> Bejoy
>
>
>
>
> ________________________________
> From: Simon Josefsson <address@hidden>
> To: Bejoy Abraham Mathews <address@hidden>
> Sent: Wednesday, 12 November, 2008 5:01:14 PM
> Subject: Re: OpenLDAP related flaw in GnuTLS
>
> Bejoy Abraham Mathews <address@hidden> writes:
>
>> thanks Simon. You can close this thread. I'll add to this thread as a
>> solution when I get gnutls properly running with certificates.
>
> Others may have similar questions as you had, so posting what you find
> to the list can be useful.
>
>> I'm not member of address@hidden yet.
>
> It is moderated, so you can send to it even if you are not a member.
>
> /Simon
>
> ________________________________
>  Add more friends to your messenger and enjoy! Invite them now.
> ________________________________
>  Add more friends to your messenger and enjoy! Invite them now.
>
>
>       Bring your gang together. Do your thing. Find your favourite Yahoo! 
> group at http://in.promos.yahoo.com/groups/

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnutls] Re: OpenLDAP related flaw in GnuTLS, Simon Josefsson, 2008/11/12
- [Help-gnutls] Re: OpenLDAP related flaw in GnuTLS, Simon Josefsson <=

Prev by Date: [Help-gnutls] Re: Is gnutls using the shell model or the chain model for a certificate validation
Next by Date: [Help-gnutls] Respecting the validity period of Root CA certificates [was: Re: Is gnutls using the shell model or the chain model for a certificate validation]
Previous by thread: [Help-gnutls] Re: OpenLDAP related flaw in GnuTLS
Next by thread: [Help-gnutls] GnuTLS 2.6.2 - Brown paper bag release
Index(es):
- Date
- Thread