On Tue, Sep 17, 2019 at 5:49 PM Mark Reynolds <mreynolds(a)redhat.com> wrote:
On 9/17/19 10:42 AM, William Brown wrote:
> Hey there,
>
> Can you send us the access log of the connection attempt, as well as the command
line options you used to make the connection?
What was the previous version of DS you were using?
1.4.0.20
>
> >
> > Thanks!
> >
> >> On 17 Sep 2019, at 16:40, Mihai Carabas <mihai.carabas(a)gmail.com>
wrote:
> >>
> >> Hello,
> >>
> >> After upgrading to the latest 389ds (1.4.0.27) with FC29, I have the
> >> following issue on LDAPS:
> >>
> >> ldap_url_parse_ext(ldaps://ldap.curs.pub.ro)
> >> ldap_create
> >> ldap_url_parse_ext(ldaps://ldap.curs.pub.ro:636/??base)
> >> ldap_sasl_bind
> >> ldap_send_initial_request
> >> ldap_new_connection 1 1 0
> >> ldap_int_open_connection
> >> ldap_connect_to_host: TCP ldap.curs.pub.ro:636
> >> ldap_new_socket: 3
> >> ldap_prepare_socket: 3
> >> ldap_connect_to_host: Trying 141.85.241.48:636
> >> ldap_pvt_connect: fd: 3 tm: -1 async: 0
> >> attempting to connect:
> >> connect success
> >> TLS trace: SSL_connect:before SSL initialization
> >> tls_write: want=303, written=303
> >> 0000: 16 03 01 01 2a 01 00 01 26 03 03 72 71 d6 83 08
....*...&..rq...
> >> 0010: 7a 5f 26 69 2b f7 f7 4f 59 76 87 c0 07 bc 6c db
z_&i+..OYv....l.
> >> 0020: fe 51 69 e4 2c dc 65 3d 52 48 f6 20 2b c1 75 d1 .Qi.,.e=RH.
+.u.
> >> 0030: 98 3b dc 70 3e 69 82 a4 41 91 7f 89 0e fc 52 43
.;.p>i..A.....RC
> >> 0040: ab be c9 77 0b 02 a7 f1 9f ec a7 d0 00 48 13 02
...w.........H..
> >> 0050: 13 03 13 01 13 04 c0 2c c0 30 cc a9 cc a8 c0 ad
.......,.0......
> >> 0060: c0 2b c0 2f c0 ac c0 23 c0 27 c0 0a c0 14 c0 09
.+./...#.'......
> >> 0070: c0 13 00 9d c0 9d 00 9c c0 9c 00 3d 00 3c 00 35
...........=.<.5
> >> 0080: 00 2f 00 9f cc aa c0 9f 00 9e c0 9e 00 6b 00 67
./...........k.g
> >> 0090: 00 39 00 33 00 ff 01 00 00 95 00 0b 00 04 03 00
.9.3............
> >> 00a0: 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19
................
> >> 00b0: 00 18 00 23 00 00 00 16 00 00 00 17 00 00 00 0d
...#............
> >> 00c0: 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 08 09
.0..............
> >> 00d0: 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01
................
> >> 00e0: 03 03 02 03 03 01 02 01 03 02 02 02 04 02 05 02
................
> >> 00f0: 06 02 00 2b 00 09 08 03 04 03 03 03 02 03 01 00
...+............
> >> 0100: 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 4c
-.....3.&.$... L
> >> 0110: 3f b1 bc f8 d0 a1 54 e7 a2 6f d4 d4 d1 ab b3 77
?.....T..o.....w
> >> 0120: 67 2c ea 51 94 f3 fa 43 de 96 5f 9b eb 12 10 g,.Q...C.._....
> >> TLS trace: SSL_connect:SSLv3/TLS write client hello
> >> tls_read: want=5, got=5
> >> 0000: 15 03 03 00 02 .....
> >> tls_read: want=2, got=2
> >> 0000: 02 50 .P
> >> TLS trace: SSL3 alert read:fatal:internal error
> >> TLS trace: SSL_connect:error in error
> >> TLS: can't connect: error:14094438:SSL routines:ssl3_read_bytes:tlsv1
> >> alert internal error.
> >> ldap_err2string
> >> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> >>
> >> All the things remained the same like before upgrading. I see tihs
> >> internal error and I could not find any hints about it. Did someone
> >> hit this issue?
> >>
> >> Thank you,
> >> Mihai Carabas
> >> _______________________________________________
> >> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> >> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> >> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> >> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> >> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> > —
> > Sincerely,
> >
> > William Brown
> >
> > Senior Software Engineer, 389 Directory Server
> > SUSE Labs
> > _______________________________________________
> > 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> > To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> > Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>
> --
>
> 389 Directory Server Development Team
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...