[Pkg-openldap-devel] Bug#381788: slapd: TLS connections fail when
running as non-root
Berg, Michael
michaeljberg at gmail.com
Wed Aug 9 02:23:24 UTC 2006
I spent some more time debugging, and here is some additional info.
I ran slapd with debugging again ('-d 7' to match the previous ldapsearch
debug output), and this time I spotted something that I must have missed
before.
In the interest of space, I removed the pages-upon-pages of output
generated from parsing the schema files. The first line in the attached
debug output is when slapd is opening the Certificate Authority's public
cert. I've also inserted some blank lines and comments (started with a #
character) into the debug output to show relevant events.
Toward the end, there are error messages about:
"TLS trace: SSL_accept:error in SSLv3 read client certificate A"
and
"TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate s3_srvr.c:2455"
This supports the web searches that tied ldapsearch's error of
"error:14094410:SSL" to client certificates. But as previously stated, I
have "TLSVerifyClient never" specified in my slapd.conf (maybe it's not
being respected when running as non-root though).
Anyway, I hope this helps in tracking down the problem. As always, if
there is any additional info I can provide that would help, just let me know.
-------------- next part --------------
...
open("/etc/ssl/certs/misumasu.dyndns.org_CA.pem", O_RDONLY) = 12
fstat(12, {st_mode=S_IFREG|0644, st_size=1094, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2abf18550000
read(12, "-----BEGIN CERTIFICATE-----\nMIIC"..., 4096) = 1094
read(12, "", 4096) = 0
close(12) = 0
munmap(0x2abf18550000, 4096) = 0
open("/usr/lib/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ssl/certs/misumasu.dyndns.org_CA.pem", O_RDONLY) = 12
fstat(12, {st_mode=S_IFREG|0644, st_size=1094, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2abf18550000
read(12, "-----BEGIN CERTIFICATE-----\nMIIC"..., 4096) = 1094
read(12, "", 4096) = 0
close(12) = 0
munmap(0x2abf18550000, 4096) = 0
open("/etc/ldap/private/ldap.misumasu.dyndns.org.pem", O_RDONLY) = 12
fstat(12, {st_mode=S_IFREG|0640, st_size=887, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2abf18550000
read(12, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 887
close(12) = 0
munmap(0x2abf18550000, 4096) = 0
open("/etc/ssl/certs/ldap.misumasu.dyndns.org.pem", O_RDONLY) = 12
fstat(12, {st_mode=S_IFREG|0644, st_size=1131, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2abf18550000
read(12, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1131
close(12) = 0
munmap(0x2abf18550000, 4096) = 0
rt_sigaction(SIGUSR1, {0x41e850, [], SA_RESTORER|SA_RESTART, 0x2abf16f4f500}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGUSR2, {0x41e870, [], SA_RESTORER|SA_RESTART, 0x2abf16f4f500}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGHUP, {0x41e870, [], SA_RESTORER|SA_RESTART, 0x2abf16f4f500}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGINT, {0x41e870, [], SA_RESTORER|SA_RESTART, 0x2abf16f4f500}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {0x41e870, [], SA_RESTORER|SA_RESTART, 0x2abf16f4f500}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTRAP, {0x41e870, [], SA_RESTORER|SA_RESTART, 0x2abf16f4f500}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGCHLD, {0x411530, [], SA_RESTORER|SA_RESTART, 0x2abf16f4f500}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_IGN}, 8) = 0
open("/var/run/slapd/slapd.pid", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 12
fstat(12, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2abf18550000
write(12, "24540\n", 6) = 6
close(12) = 0
munmap(0x2abf18550000, 4096) = 0
open("/var/run/slapd/slapd.args", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 12
fstat(12, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2abf18550000
write(12, "/usr/sbin/slapd -h ldap://127.0."..., 182) = 182
close(12) = 0
munmap(0x2abf18550000, 4096) = 0
time([1155086433]) = 1155086433
write(2, "slapd startup: initiated.\n", 26slapd startup: initiated.
) = 26
write(2, "backend_startup_one: starting \"c"..., 42backend_startup_one: starting "cn=config"
) = 42
write(2, "config_back_db_open\n", 20config_back_db_open
) = 20
write(2, "config_build_entry: \"cn=config\"\n", 32config_build_entry: "cn=config"
) = 32
write(2, "config_build_entry: \"cn=include{"..., 36config_build_entry: "cn=include{0}"
) = 36
write(2, "config_build_entry: \"cn=include{"..., 36config_build_entry: "cn=include{1}"
) = 36
write(2, "config_build_entry: \"cn=include{"..., 36config_build_entry: "cn=include{2}"
) = 36
write(2, "config_build_entry: \"cn=include{"..., 36config_build_entry: "cn=include{3}"
) = 36
write(2, "config_build_entry: \"cn=include{"..., 36config_build_entry: "cn=include{4}"
) = 36
write(2, "config_build_entry: \"cn=module{0"..., 35config_build_entry: "cn=module{0}"
) = 35
write(2, "config_build_entry: \"cn=schema\"\n", 32config_build_entry: "cn=schema"
) = 32
brk(0x6b3000) = 0x6b3000
write(2, "config_build_entry: \"cn={0}core\""..., 33config_build_entry: "cn={0}core"
) = 33
write(2, "config_build_entry: \"cn={1}cosin"..., 35config_build_entry: "cn={1}cosine"
) = 35
write(2, "config_build_entry: \"cn={2}nis\"\n", 32config_build_entry: "cn={2}nis"
) = 32
write(2, "config_build_entry: \"cn={3}ineto"..., 42config_build_entry: "cn={3}inetorgperson"
) = 42
write(2, "config_build_entry: \"cn={4}samba"..., 34config_build_entry: "cn={4}samba"
) = 34
write(2, "config_build_entry: \"olcDatabase"..., 47config_build_entry: "olcDatabase={-1}frontend"
) = 47
write(2, "config_build_entry: \"olcDatabase"..., 44config_build_entry: "olcDatabase={0}config"
) = 44
write(2, "config_build_entry: \"olcDatabase"..., 41config_build_entry: "olcDatabase={1}bdb"
) = 41
open("/var/lib/ldap/DB_CONFIG", O_RDONLY) = 12
fstat(12, {st_mode=S_IFREG|0644, st_size=96, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2abf18550000
read(12, "set_cachesize 0 2097152 0\nset_lk"..., 4096) = 96
read(12, "", 4096) = 0
close(12) = 0
munmap(0x2abf18550000, 4096) = 0
write(2, "backend_startup_one: starting \"d"..., 61backend_startup_one: starting "dc=misumasu,dc=dyndns,dc=org"
) = 61
write(2, "bdb_db_open: dc=misumasu,dc=dynd"..., 42bdb_db_open: dc=misumasu,dc=dyndns,dc=org
) = 42
stat("/var/lib/ldap", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
time(NULL) = 1155086433
open("/var/lib/ldap/alock", O_RDWR|O_CREAT, 0666) = 12
lseek(12, 0, SEEK_SET) = 0
fcntl(12, F_SETLKW, {type=F_WRLCK, whence=SEEK_CUR, start=0, len=1024}) = 0
fstat(12, {st_mode=S_IFREG|0644, st_size=2048, ...}) = 0
lseek(12, 1024, SEEK_SET) = 1024
read(12, "xV4\22\0\0\0\0\0\0\0\0\0\0\0\0\0328\331D\0\0\0\0\326_\0"..., 1024) = 1024
lseek(12, 1024, SEEK_SET) = 1024
fcntl(12, F_SETLKW, {type=F_WRLCK, whence=SEEK_CUR, start=0, len=1024}) = 0
lseek(12, 1024, SEEK_SET) = 1024
write(12, "xV4\22\0\0\0\0\2\0\0\0\0\0\0\0a8\331D\0\0\0\0\334_\0\0"..., 1024) = 1024
lseek(12, 0, SEEK_SET) = 0
fcntl(12, F_SETLK, {type=F_UNLCK, whence=SEEK_CUR, start=0, len=1024}) = 0
stat("/var/lib/ldap/DB_CONFIG", {st_mode=S_IFREG|0644, st_size=96, ...}) = 0
stat("/var/lib/ldap/__db.001", {st_mode=S_IFREG|0600, st_size=8192, ...}) = 0
open("/etc/mtab", O_RDONLY) = 13
fstat(13, {st_mode=S_IFREG|0644, st_size=1102, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2abf18550000
read(13, "/dev/hda2 / xfs rw 0 0\nproc /pro"..., 4096) = 1102
close(13) = 0
munmap(0x2abf18550000, 4096) = 0
open("/proc/stat", O_RDONLY) = 13
fstat(13, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2abf18550000
read(13, "cpu 74236 6923 121402 47857053 "..., 1024) = 774
read(13, "", 1024) = 0
close(13) = 0
munmap(0x2abf18550000, 4096) = 0
write(2, "bdb_db_open: dbenv_open(/var/lib"..., 39bdb_db_open: dbenv_open(/var/lib/ldap)
) = 39
stat("/var/lib/ldap/DB_CONFIG", {st_mode=S_IFREG|0644, st_size=96, ...}) = 0
open("/var/lib/ldap/DB_CONFIG", O_RDONLY) = 13
fstat(13, {st_mode=S_IFREG|0644, st_size=96, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2abf18550000
read(13, "set_cachesize 0 2097152 0\nset_lk"..., 4096) = 96
read(13, "", 4096) = 0
close(13) = 0
munmap(0x2abf18550000, 4096) = 0
stat("/var/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=23, ...}) = 0
stat("/var/lib/ldap/__db.001", {st_mode=S_IFREG|0600, st_size=8192, ...}) = 0
open("/var/lib/ldap/__db.001", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EEXIST (File exists)
open("/var/lib/ldap/__db.001", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EEXIST (File exists)
open("/var/lib/ldap/__db.001", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EEXIST (File exists)
open("/var/lib/ldap/__db.001", O_RDWR) = 13
fcntl(13, F_SETFD, FD_CLOEXEC) = 0
fstat(13, {st_mode=S_IFREG|0600, st_size=8192, ...}) = 0
close(13) = 0
open("/var/lib/ldap/__db.001", O_RDWR) = 13
fcntl(13, F_SETFD, FD_CLOEXEC) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_SHARED, 13, 0) = 0x2abf18550000
close(13) = 0
stat("/var/lib/ldap/__db.002", {st_mode=S_IFREG|0600, st_size=2629632, ...}) = 0
open("/var/lib/ldap/__db.002", O_RDWR|O_CREAT, 0600) = 13
fcntl(13, F_SETFD, FD_CLOEXEC) = 0
mmap(NULL, 2629632, PROT_READ|PROT_WRITE, MAP_SHARED, 13, 0) = 0x2abf18da3000
close(13) = 0
stat("/var/lib/ldap/__db.003", {st_mode=S_IFREG|0600, st_size=98304, ...}) = 0
open("/var/lib/ldap/__db.003", O_RDWR|O_CREAT, 0600) = 13
fcntl(13, F_SETFD, FD_CLOEXEC) = 0
mmap(NULL, 98304, PROT_READ|PROT_WRITE, MAP_SHARED, 13, 0) = 0x2abf19025000
close(13) = 0
stat("/var/lib/ldap/__db.004", {st_mode=S_IFREG|0600, st_size=868352, ...}) = 0
open("/var/lib/ldap/__db.004", O_RDWR|O_CREAT, 0600) = 13
fcntl(13, F_SETFD, FD_CLOEXEC) = 0
mmap(NULL, 868352, PROT_READ|PROT_WRITE, MAP_SHARED, 13, 0) = 0x2abf1903d000
close(13) = 0
stat("/var/lib/ldap/__db.005", {st_mode=S_IFREG|0600, st_size=24576, ...}) = 0
open("/var/lib/ldap/__db.005", O_RDWR|O_CREAT, 0600) = 13
fcntl(13, F_SETFD, FD_CLOEXEC) = 0
mmap(NULL, 24576, PROT_READ|PROT_WRITE, MAP_SHARED, 13, 0) = 0x2abf19111000
close(13) = 0
stat("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=65536, ...}) = 0
stat("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=65536, ...}) = 0
open("/var/lib/ldap/id2entry.bdb", O_RDWR) = 13
fcntl(13, F_SETFD, FD_CLOEXEC) = 0
read(13, "\1\0\0\0F\35\4\0\0\0\0\0b1\5\0\t\0\0\0\0@\0\0\0\t\0\0\0"..., 512) = 512
close(13) = 0
stat("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=65536, ...}) = 0
open("/var/lib/ldap/id2entry.bdb", O_RDWR) = 13
fcntl(13, F_SETFD, FD_CLOEXEC) = 0
fstat(13, {st_mode=S_IFREG|0600, st_size=65536, ...}) = 0
time(NULL) = 1155086433
stat("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=16384, ...}) = 0
stat("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=16384, ...}) = 0
open("/var/lib/ldap/dn2id.bdb", O_RDWR) = 14
fcntl(14, F_SETFD, FD_CLOEXEC) = 0
read(14, "\1\0\0\0\356\271\6\0\0\0\0\0b1\5\0\t\0\0\0\0\20\0\0\0\t"..., 512) = 512
close(14) = 0
stat("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=16384, ...}) = 0
open("/var/lib/ldap/dn2id.bdb", O_RDWR) = 14
fcntl(14, F_SETFD, FD_CLOEXEC) = 0
fstat(14, {st_mode=S_IFREG|0600, st_size=16384, ...}) = 0
time(NULL) = 1155086433
write(2, "slapd starting\n", 15slapd starting
) = 15
mmap(NULL, 651264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2abf19117000
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x40, -1, 0) = 0x40000000
mprotect(0x40000000, 4096, PROT_NONE) = 0
clone(child_stack=0x40800280, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, parent_tidptr=0x408009f0, tls=0x40800960, child_tidptr=0x408009f0) = 24541
futex(0x408009f0, FUTEX_WAIT, 24541, NULL
# slapd is now waiting for a client to connect.
# I run ldapsearch to connect to port 389+starttls.
ldap_pvt_gethostbyname_a: host=server, r=0
connection_get(15)
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
0000: 30 1d 02 01 01 77 18 80 0....w..
ldap_read: want=23, got=23
0000: 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 31 34 36 .1.3.6.1.4.1.146
0010: 36 2e 32 30 30 33 37 6.20037
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({m) ber:
do_extended: oid=1.3.6.1.4.1.1466.20037
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 15
0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........
connection_get(15)
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
0000: 16 03 01 00 44 01 00 00 40 03 01 ....D... at ..
tls_read: want=62, got=62
0000: 44 d9 38 65 17 bf 28 7d 4a 48 80 68 b1 9b d6 7b D.8e..(}JH.h...{
0010: 04 64 ee c3 5e 15 2c 93 9e 94 92 f9 e1 45 c9 db .d..^.,......E..
0020: 00 00 18 00 33 00 16 00 39 00 2f 00 0a 00 35 00 ....3...9./...5.
0030: 05 00 04 00 32 00 13 00 38 00 66 02 01 00 ....2...8.f...
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
tls_write: want=1821, written=1821
0000: 16 03 01 00 4a 02 00 00 46 03 01 44 d9 38 65 22 ....J...F..D.8e"
0010: 6c 2e d9 11 99 70 49 f3 98 68 32 77 cb 15 59 1e l....pI..h2w..Y.
0020: 01 c7 7b 04 7f 2b 9a 08 e0 5d f0 20 d1 1d 4e 87 ..{..+...]. ..N.
0030: e6 45 ee dd 45 dd dd b9 ae 25 24 15 80 97 eb cb .E..E....%$.....
0040: e9 2a 71 3b ca 14 c6 80 9c ba a8 2f 00 2f 01 16 .*q;......././..
0050: 03 01 06 28 0b 00 06 24 00 06 21 00 03 1b 30 82 ...(...$..!...0.
0060: 03 17 30 82 02 82 a0 03 02 01 02 02 01 02 30 0b ..0...........0.
0070: 06 09 2a 86 48 86 f7 0d 01 01 05 30 81 89 31 0b ..*.H......0..1.
0080: 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0f 06 0...U....US1.0..
0090: 03 55 04 0a 13 08 6d 69 73 75 6d 61 73 75 31 1e .U....misumasu1.
00a0: 30 1c 06 03 55 04 0b 13 15 43 65 72 74 69 66 69 0...U....Certifi
00b0: 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 31 14 cate Authority1.
00c0: 30 12 06 03 55 04 07 13 0b 41 6c 62 75 71 75 65 0...U....Albuque
00d0: 72 71 75 65 31 13 30 11 06 03 55 04 08 13 0a 4e rque1.0...U....N
00e0: 65 77 20 4d 65 78 69 63 6f 31 1c 30 1a 06 03 55 ew Mexico1.0...U
00f0: 04 03 13 13 6d 69 73 75 6d 61 73 75 2e 64 79 6e ....misumasu.dyn
0100: 64 6e 73 2e 6f 72 67 30 1e 17 0d 30 36 30 31 32 dns.org0...06012
0110: 32 31 38 30 32 35 39 5a 17 0d 31 36 30 31 32 30 2180259Z..160120
0120: 31 38 30 32 35 39 5a 30 81 84 31 0b 30 09 06 03 180259Z0..1.0...
0130: 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 04 0a U....US1.0...U..
0140: 13 08 6d 69 73 75 6d 61 73 75 31 14 30 12 06 03 ..misumasu1.0...
0150: 55 04 0b 13 0b 4c 44 41 50 20 53 65 72 76 65 72 U....LDAP Server
0160: 31 14 30 12 06 03 55 04 07 13 0b 41 6c 62 75 71 1.0...U....Albuq
0170: 75 65 72 71 75 65 31 13 30 11 06 03 55 04 08 13 uerque1.0...U...
0180: 0a 4e 65 77 20 4d 65 78 69 63 6f 31 21 30 1f 06 .New Mexico1!0..
0190: 03 55 04 03 13 18 6c 64 61 70 2e 6d 69 73 75 6d .U....ldap.misum
01a0: 61 73 75 2e 64 79 6e 64 6e 73 2e 6f 72 67 30 81 asu.dyndns.org0.
01b0: 9c 30 0b 06 09 2a 86 48 86 f7 0d 01 01 01 03 81 .0...*.H........
01c0: 8c 00 30 81 88 02 81 80 b6 32 ef 73 0e 50 9a 1a ..0......2.s.P..
01d0: dd 7f 72 c8 59 dc fa 1e 6f 5f 7b ab 19 98 58 f2 ..r.Y...o_{...X.
01e0: 3a 0c 91 ac f3 06 18 a0 10 b4 d7 3e 69 94 ae 5d :..........>i..]
01f0: 24 62 9d e0 3d 53 1b 9e c3 ef 4a 24 aa 9c 0d ae $b..=S....J$....
0200: 5a ba 3b 5c a6 6f ab 1b f6 08 af 12 5c 4e 9e cd Z.;\.o......\N..
0210: 4a 4d a2 f6 7f fe 27 6f b1 be 87 c8 4a bc 57 80 JM....'o....J.W.
0220: e1 e2 67 c3 e5 76 c5 97 73 4c 25 19 77 1d 6f 49 ..g..v..sL%.w.oI
0230: 38 ac a4 3b 4d fb aa 80 fe 36 14 c7 94 e2 47 3b 8..;M....6....G;
0240: dd 25 f5 79 8d 44 7e cb 02 03 01 00 01 a3 81 98 .%.y.D~.........
0250: 30 81 95 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 0..0...U.......0
0260: 00 30 0f 06 03 55 1d 0f 01 01 ff 04 05 03 03 07 .0...U..........
0270: a0 00 30 1d 06 03 55 1d 0e 04 16 04 14 a6 48 7b ..0...U.......H{
0280: 6c 98 61 44 ba 45 00 97 58 a1 bb 2c a2 b6 8a 5e l.aD.E..X..,...^
0290: 83 30 1f 06 03 55 1d 23 04 18 30 16 80 14 c2 af .0...U.#..0.....
02a0: 43 48 07 fb 8b 76 14 9a ab 17 f7 b1 0e a5 28 4b CH...v........(K
02b0: df 9f 30 34 06 03 55 1d 1f 04 2d 30 2b 30 29 a0 ..04..U...-0+0).
02c0: 27 a0 25 86 23 68 74 74 70 3a 2f 2f 77 77 77 2e '.%.#http://www.
02d0: 6d 69 73 75 6d 61 73 75 2e 64 79 6e 64 6e 73 2e misumasu.dyndns.
02e0: 6f 72 67 2f 63 72 6c 2f 30 0b 06 09 2a 86 48 86 org/crl/0...*.H.
02f0: f7 0d 01 01 05 03 81 81 00 21 9c 74 35 1c 11 eb .........!.t5...
0300: 15 4b 1d cd c4 2d 9e 37 f5 3e 6c e8 b6 b1 b6 41 .K...-.7.>l....A
0310: 46 1d a4 94 d3 aa d8 98 8a 50 48 75 e8 84 ce 2f F........PHu.../
0320: c3 d6 5c 0c 70 8a 27 87 08 e3 61 7f a0 b4 dc a6 ..\.p.'...a.....
0330: af 36 82 cb 63 cb 31 db fc b8 ba 47 f7 23 c8 83 .6..c.1....G.#..
0340: 84 9c a1 cd 7c 61 cd 6e 77 99 34 c7 e3 3e fe 7f ....|a.nw.4..>..
0350: 6a ee 89 9e 90 3d 51 58 23 8e c9 ad 47 99 e8 35 j....=QX#...G..5
0360: 78 cd 1c ea 3e 13 52 ff ff 7e 12 26 64 c6 f0 f2 x...>.R..~.&d...
0370: 88 bb 3f fe 09 99 7a ce 46 00 03 00 30 82 02 fc ..?...z.F...0...
0380: 30 82 02 67 a0 03 02 01 02 02 01 01 30 0b 06 09 0..g........0...
0390: 2a 86 48 86 f7 0d 01 01 05 30 81 89 31 0b 30 09 *.H......0..1.0.
03a0: 06 03 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 ..U....US1.0...U
03b0: 04 0a 13 08 6d 69 73 75 6d 61 73 75 31 1e 30 1c ....misumasu1.0.
03c0: 06 03 55 04 0b 13 15 43 65 72 74 69 66 69 63 61 ..U....Certifica
03d0: 74 65 20 41 75 74 68 6f 72 69 74 79 31 14 30 12 te Authority1.0.
03e0: 06 03 55 04 07 13 0b 41 6c 62 75 71 75 65 72 71 ..U....Albuquerq
03f0: 75 65 31 13 30 11 06 03 55 04 08 13 0a 4e 65 77 ue1.0...U....New
0400: 20 4d 65 78 69 63 6f 31 1c 30 1a 06 03 55 04 03 Mexico1.0...U..
0410: 13 13 6d 69 73 75 6d 61 73 75 2e 64 79 6e 64 6e ..misumasu.dyndn
0420: 73 2e 6f 72 67 30 1e 17 0d 30 36 30 31 32 32 31 s.org0...0601221
0430: 37 34 35 30 38 5a 17 0d 31 36 30 31 32 32 31 37 74508Z..16012217
0440: 34 35 30 38 5a 30 81 89 31 0b 30 09 06 03 55 04 4508Z0..1.0...U.
0450: 06 13 02 55 53 31 11 30 0f 06 03 55 04 0a 13 08 ...US1.0...U....
0460: 6d 69 73 75 6d 61 73 75 31 1e 30 1c 06 03 55 04 misumasu1.0...U.
0470: 0b 13 15 43 65 72 74 69 66 69 63 61 74 65 20 41 ...Certificate A
0480: 75 74 68 6f 72 69 74 79 31 14 30 12 06 03 55 04 uthority1.0...U.
0490: 07 13 0b 41 6c 62 75 71 75 65 72 71 75 65 31 13 ...Albuquerque1.
04a0: 30 11 06 03 55 04 08 13 0a 4e 65 77 20 4d 65 78 0...U....New Mex
04b0: 69 63 6f 31 1c 30 1a 06 03 55 04 03 13 13 6d 69 ico1.0...U....mi
04c0: 73 75 6d 61 73 75 2e 64 79 6e 64 6e 73 2e 6f 72 sumasu.dyndns.or
04d0: 67 30 81 9c 30 0b 06 09 2a 86 48 86 f7 0d 01 01 g0..0...*.H.....
04e0: 01 03 81 8c 00 30 81 88 02 81 80 e0 23 40 8e 3b .....0......#@.;
04f0: 60 e9 4a 8f 27 74 47 a6 d4 53 73 d7 7d 2b e7 11 `.J.'tG..Ss.}+..
0500: 10 f2 db 58 e2 09 fe 37 17 29 97 d2 93 76 8a 7b ...X...7.)...v.{
0510: fa db c2 2b 96 bb f9 10 af eb 3e 67 c5 78 aa 96 ...+......>g.x..
0520: b7 36 3c e1 3c e5 25 8b c7 bf e6 1c 8b 5a 85 bb .6<.<.%......Z..
0530: f0 a1 5b 94 9d 3b 45 34 c4 96 16 1f e5 5c 69 d4 ..[..;E4.....\i.
0540: 59 95 7f 80 75 ae b1 65 ae d2 5b 7b 59 02 68 7e Y...u..e..[{Y.h~
0550: 2f 25 1a 93 a5 56 e3 09 2d 17 f1 c0 44 72 34 56 /%...V..-...Dr4V
0560: da ca 95 0e e3 a1 52 25 8b 2f 63 02 03 01 00 01 ......R%./c.....
0570: a3 79 30 77 30 0f 06 03 55 1d 13 01 01 ff 04 05 .y0w0...U.......
0580: 30 03 01 01 ff 30 0f 06 03 55 1d 0f 01 01 ff 04 0....0...U......
0590: 05 03 03 07 06 00 30 1d 06 03 55 1d 0e 04 16 04 ......0...U.....
05a0: 14 c2 af 43 48 07 fb 8b 76 14 9a ab 17 f7 b1 0e ...CH...v.......
05b0: a5 28 4b df 9f 30 34 06 03 55 1d 1f 04 2d 30 2b .(K..04..U...-0+
05c0: 30 29 a0 27 a0 25 86 23 68 74 74 70 3a 2f 2f 77 0).'.%.#http://w
05d0: 77 77 2e 6d 69 73 75 6d 61 73 75 2e 64 79 6e 64 ww.misumasu.dynd
05e0: 6e 73 2e 6f 72 67 2f 63 72 6c 2f 30 0b 06 09 2a ns.org/crl/0...*
05f0: 86 48 86 f7 0d 01 01 05 03 81 81 00 13 4b 65 88 .H...........Ke.
0600: 1a 74 79 11 3f 3b ff a8 90 33 95 11 62 56 98 73 .ty.?;...3..bV.s
0610: cb d5 2f a0 ef be c7 ea a6 36 13 db 80 45 1f 5e ../......6...E.^
0620: a8 aa c2 d4 cf bd 50 5a 4c ab 67 99 23 77 74 00 ......PZL.g.#wt.
0630: e4 2a 3c 47 ea c4 e3 e9 3a 07 fb 7e c1 1a 12 30 .*<G....:..~...0
0640: 97 25 58 9f 8c 0f a2 59 76 3b cd 10 96 c8 c5 f1 .%X....Yv;......
0650: 0c c4 04 a3 a6 c4 81 fd 5e 19 00 5c 69 3b f6 de ........^..\i;..
0660: 0f 44 5a 5e ea 64 58 62 0f 87 64 1c e1 e5 35 34 .DZ^.dXb..d...54
0670: 70 34 89 5b b8 79 cd fe 12 01 51 57 16 03 01 00 p4.[.y....QW....
0680: 9c 0d 00 00 94 03 01 02 40 00 8e 00 8c 30 81 89 ........ at ....0..
0690: 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 11 30 1.0...U....US1.0
06a0: 0f 06 03 55 04 0a 13 08 6d 69 73 75 6d 61 73 75 ...U....misumasu
06b0: 31 1e 30 1c 06 03 55 04 0b 13 15 43 65 72 74 69 1.0...U....Certi
06c0: 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 ficate Authority
06d0: 31 14 30 12 06 03 55 04 07 13 0b 41 6c 62 75 71 1.0...U....Albuq
06e0: 75 65 72 71 75 65 31 13 30 11 06 03 55 04 08 13 uerque1.0...U...
06f0: 0a 4e 65 77 20 4d 65 78 69 63 6f 31 1c 30 1a 06 .New Mexico1.0..
0700: 03 55 04 03 13 13 6d 69 73 75 6d 61 73 75 2e 64 .U....misumasu.d
0710: 79 6e 64 6e 73 2e 6f 72 67 0e 00 00 00 yndns.org....
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(15)
connection_get(15): got connid=0
connection_read(15): checking for input on id=0
tls_read: want=5, got=5
0000: 16 03 01 00 07 .....
tls_read: want=7, got=7
0000: 0b 00 00 03 00 00 00 .......
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 28 ......(
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2455
connection_read(15): TLS accept failure error=-1 id=0, closing
connection_closing: readying conn=0 sd=15 for close
connection_close: conn=0 sd=15
# slapd is now waiting for a client to connect.
# I hit ctrl-c to kill slapd and end the capture.
<unfinished ...>
daemon: shutdown requested and initiated.
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
====> bdb_cache_release_all
slapd destroy: freeing system resources.
slapd stopped.
More information about the Pkg-openldap-devel
mailing list