[Help-gnutls] Re: OpenLDAP related flaw in GnuTLS

Simon Josefsson simon at josefsson.org
Thu Nov 13 09:37:52 CET 2008


I'm adding the help-gnutls at gnu.org list to the discussion.

Bejoy Abraham Mathews <bejnet at yahoo.com> writes:

> This is the output from "slapd -d -1"
>
> tls_read: want=5, got=0
>
> TLS: can't accept: A TLS packet with unexpected length was received..
> connection_read(13): TLS accept failure error=-1 id=1, closing
> connection_closing: readying conn=1 sd=13 for close
> connection_close: conn=1 sd=13
> daemon: removing 13
> conn=1 fd=13 closed (TLS negotiation failure)

Is there any way to enable GnuTLS debugging in OpenLDAP?  We need more
information to debug this.

What client is connecting to your slapd server above?  Are you sure the
client is configured properly?  What error messages does the client print?

/Simon

>
> ________________________________
> From: Bejoy Abraham Mathews <bejnet at yahoo.com>
> To: Simon Josefsson <simon at josefsson.org>
> Sent: Wednesday, 12 November, 2008 8:02:10 PM
> Subject: Re: OpenLDAP related flaw in GnuTLS
>
>
> I don't find any errors in compilation of OpenLDAP using --with-tls=gnutls. But I don't know how to read the StartTLS option. It is not reading the certificates. Showing TLS handshake error :(
>
>
>
>
> ________________________________
> From: Bejoy Abraham Mathews <bejnet at yahoo.com>
> To: Simon Josefsson <simon at josefsson.org>
> Sent: Wednesday, 12 November, 2008 6:12:01 PM
> Subject: Re: OpenLDAP related flaw in GnuTLS
>
>
> Thanks for the advice Simon. I tried sending to it straight in the beginning - but that mail got rejected. Anyway, when I do get a solution - I will send one straight CCing you.
>
> With Regards
> Bejoy
>
>
>
>
> ________________________________
> From: Simon Josefsson <simon at josefsson.org>
> To: Bejoy Abraham Mathews <bejnet at yahoo.com>
> Sent: Wednesday, 12 November, 2008 5:01:14 PM
> Subject: Re: OpenLDAP related flaw in GnuTLS
>
> Bejoy Abraham Mathews <bejnet at yahoo.com> writes:
>
>> thanks Simon. You can close this thread. I'll add to this thread as a
>> solution when I get gnutls properly running with certificates.
>
> Others may have similar questions as you had, so posting what you find
> to the list can be useful.
>
>> I'm not member of help-gnutls at gnu.org yet.
>
> It is moderated, so you can send to it even if you are not a member.
>
> /Simon
>