On 9/17/19 10:42 AM, William Brown wrote:
Hey there,
Can you send us the access log of the connection attempt, as well as the command line
options you used to make the connection?
What was the previous version of DS you were using?
Thanks!
> On 17 Sep 2019, at 16:40, Mihai Carabas <mihai.carabas(a)gmail.com> wrote:
>
> Hello,
>
> After upgrading to the latest 389ds (1.4.0.27) with FC29, I have the
> following issue on LDAPS:
>
> ldap_url_parse_ext(ldaps://ldap.curs.pub.ro)
> ldap_create
> ldap_url_parse_ext(ldaps://ldap.curs.pub.ro:636/??base)
> ldap_sasl_bind
> ldap_send_initial_request
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP ldap.curs.pub.ro:636
> ldap_new_socket: 3
> ldap_prepare_socket: 3
> ldap_connect_to_host: Trying 141.85.241.48:636
> ldap_pvt_connect: fd: 3 tm: -1 async: 0
> attempting to connect:
> connect success
> TLS trace: SSL_connect:before SSL initialization
> tls_write: want=303, written=303
> 0000: 16 03 01 01 2a 01 00 01 26 03 03 72 71 d6 83 08 ....*...&..rq...
> 0010: 7a 5f 26 69 2b f7 f7 4f 59 76 87 c0 07 bc 6c db z_&i+..OYv....l.
> 0020: fe 51 69 e4 2c dc 65 3d 52 48 f6 20 2b c1 75 d1 .Qi.,.e=RH. +.u.
> 0030: 98 3b dc 70 3e 69 82 a4 41 91 7f 89 0e fc 52 43 .;.p>i..A.....RC
> 0040: ab be c9 77 0b 02 a7 f1 9f ec a7 d0 00 48 13 02 ...w.........H..
> 0050: 13 03 13 01 13 04 c0 2c c0 30 cc a9 cc a8 c0 ad .......,.0......
> 0060: c0 2b c0 2f c0 ac c0 23 c0 27 c0 0a c0 14 c0 09 .+./...#.'......
> 0070: c0 13 00 9d c0 9d 00 9c c0 9c 00 3d 00 3c 00 35 ...........=.<.5
> 0080: 00 2f 00 9f cc aa c0 9f 00 9e c0 9e 00 6b 00 67 ./...........k.g
> 0090: 00 39 00 33 00 ff 01 00 00 95 00 0b 00 04 03 00 .9.3............
> 00a0: 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 ................
> 00b0: 00 18 00 23 00 00 00 16 00 00 00 17 00 00 00 0d ...#............
> 00c0: 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 .0..............
> 00d0: 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 ................
> 00e0: 03 03 02 03 03 01 02 01 03 02 02 02 04 02 05 02 ................
> 00f0: 06 02 00 2b 00 09 08 03 04 03 03 03 02 03 01 00 ...+............
> 0100: 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 4c -.....3.&.$... L
> 0110: 3f b1 bc f8 d0 a1 54 e7 a2 6f d4 d4 d1 ab b3 77 ?.....T..o.....w
> 0120: 67 2c ea 51 94 f3 fa 43 de 96 5f 9b eb 12 10 g,.Q...C.._....
> TLS trace: SSL_connect:SSLv3/TLS write client hello
> tls_read: want=5, got=5
> 0000: 15 03 03 00 02 .....
> tls_read: want=2, got=2
> 0000: 02 50 .P
> TLS trace: SSL3 alert read:fatal:internal error
> TLS trace: SSL_connect:error in error
> TLS: can't connect: error:14094438:SSL routines:ssl3_read_bytes:tlsv1
> alert internal error.
> ldap_err2string
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> All the things remained the same like before upgrading. I see tihs
> internal error and I could not find any hints about it. Did someone
> hit this issue?
>
> Thank you,
> Mihai Carabas
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
--
389 Directory Server Development Team