[Bug 381791] Re: LDAP::SSLConn from ruby fails, probably from not seeing cert
Xeno Campanoli
xeno at eskimo.com
Tue Jun 2 00:27:02 UTC 2009
Okay, this is probably important to add:

On the Ubuntu server machines I'm using, when I do a plain openssl call
like so:

    openssl s_client -connect ipaddr:port

where ipaddr and port are definitely correct and shown to work in all
other ways with the ldap server we are trying to configure, we get data
back with the following ending:

    SSL-Session:
    Protocol : TLSv1
    Cipher : RC4-MD5
    Session-ID: 46AEE896A3CB7B0C0044D1169EA9672E769D7BF64194F96D8378D08D750D60AA
    Session-ID-ctx:
    Master-Key: FEADCD684F8CCEEA674C2D725D6BB5E4C1716B877C2B6B176E1C5BD0590D0CDFA28CC93BEB07548C997BD6B2FAB7009F
    Key-Arg : None
    Start Time: 1243885042
    Timeout : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
    ---snip---

so a 19, and supposedly we don't have a nice cert. But the cert is there, and when I specify it thus:

    openssl s_client -connect ipaddr:port -CAfile $certpath

I get output indicating normal access to our cert:

    SSL-Session:
    Protocol : TLSv1
    Cipher : RC4-MD5
    Session-ID: 46AECE8C1C97B9CE8D0547CD2FFF0DB787B11E90A2E4387A430CBEB3996BA67C
    Session-ID-ctx:
    Master-Key: 57B5AD4C296C9B0987539FB728F6ADBC7C6A9C579F0E119E87F7B621769D738053220479ADBA5E811EB163E273D5034E
    Key-Arg : None
    Start Time: 1243888048
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
    snip----

so a zero; unixy success. So, it seems to me there is a seriously likely guess to be made here since the responses I got back are similar in wording from openssl and the LDAPpy API to ruby. I hope this helps.

xc
--
LDAP::SSLConn from ruby fails, probably from not seeing cert
https://bugs.launchpad.net/bugs/381791
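
Added example (not part of the original message, and not code from ruby-ldap or the bug report): the two verify return codes quoted above, reproduced offline with Ruby's standard openssl library. The CA, the server certificate, the subject names and the helper names `make_cert` and `verify_code` are all constructed for illustration; the empty trust store stands in for a client that has not been given the CA, and `trusted:` stands in for `-CAfile`.

```ruby
require "openssl"

# Build a certificate; all names and keys here are constructed for the demo.
def make_cert(subject, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                       # X.509 v3
  cert.serial = ca ? 1 : 2
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  if ca
    # Mark the self-signed certificate as a CA so it may issue other certs.
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate = cert
    cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify a server certificate plus the chain the server presented against a
# trust store; returns [code, message] like s_client's "Verify return code".
def verify_code(leaf, presented_chain, trusted: [])
  store = OpenSSL::X509::Store.new       # empty: nothing is trusted yet
  trusted.each { |c| store.add_cert(c) } # the effect of passing -CAfile
  store.verify(leaf, presented_chain)
  [store.error, store.error_string]
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("/CN=Constructed LDAP Test CA", CA_KEY, ca: true)
SRV_KEY = OpenSSL::PKey::RSA.new(2048)
SRV_CERT = make_cert("/CN=ldap.example.test", SRV_KEY,
                     issuer_cert: CA_CERT, issuer_key: CA_KEY)

if __FILE__ == $PROGRAM_NAME
  # The server sends its self-signed root in the chain, but the client does
  # not trust it: the chain is intact, only the trust anchor is missing.
  puts "without CA: %d (%s)" % verify_code(SRV_CERT, [CA_CERT])
  # Same chain, with the root added to the client's trust store.
  puts "with CA:    %d (%s)" % verify_code(SRV_CERT, [CA_CERT], trusted: [CA_CERT])
end
```

Code 19 means the chain itself is intact and only the trust anchor is missing on the client, so the remedy is to give the client the CA certificate rather than to turn verification off.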