LinuxQuestions.org


CharlesMM 10-27-2013 10:32 PM

centos 6.4 openldap tls handshake negotiation
 
OK, I cannot for the life of me work out how to get my TLS working on CentOS 6.4.

From what I can see, OpenLDAP is not sending extended props in the TLS hello negotiation, and so after the compression ... nothing.

Can anybody help?


[root@alty user]# ldapsearch -H ldaps://alty.abc.com:636 -D "cn=manager, dc=abc, dc=com" -wsecret -d7
ldap_url_parse_ext(ldaps://alty.abc.com:636)
ldap_create
ldap_url_parse_ext(ldaps://alty.abc.com:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP alty.abc.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.0.3:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: certdb config: configDir='/etc/openldap/certs' tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly
TLS: using moznss security dir /etc/openldap/certs prefix .
TLS: loaded CA certificate file /etc/openldap/certs/abc.com.crt.
TLS: certificate 'alty.abc.com' successfully loaded from moznss database.
TLS: no unlocked certificate for certificate 'CN=alty.abc.com,DC=abc,DC=com'.
TLS: certificate [CN=alty.abc.com,DC=abc,DC=com] is valid
tls_write: want=102, written=102
0000: 16 03 01 00 61 01 00 00 5d 03 01 52 6d 6f df eb ....a...]..Rmo..
0010: e0 92 c2 2d 32 25 50 d8 93 94 0a 23 8b ca d0 ea ...-2%P....#....
0020: 57 1b 2c de 38 48 6c 19 bb 58 de 00 00 36 00 ff W.,.8Hl..X...6..
0030: 00 88 00 87 00 39 00 38 00 84 00 35 00 45 00 44 .....9.8...5.E.D
0040: 00 66 00 33 00 32 00 96 00 41 00 05 00 04 00 2f .f.3.2...A...../
0050: 00 16 00 13 00 0a 00 15 00 12 00 09 00 64 00 62 .............d.b
0060: 00 03 00 06 01 00 ......
tls_read: want=5, got=0

TLS: error: tlsm_PR_Recv returned 0 - error 21:Is a directory
TLS: error: connect - force handshake failure: errno 21 - moznss error -5938
TLS: can't connect: TLS error -5938:Encountered end of file.
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

CharlesMM 10-28-2013 10:39 PM

[SOLVED] centos 6.4 openldap tls handshake negotiation
 
chown ldap:ldap /etc/openldap/certs

:o

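As an added check, not part of the original thread: a small shell script that reports which entries under the OpenLDAP NSS cert directory (the moznss "security dir" in the debug output) the slapd service account cannot read, which is the condition the `chown ldap:ldap /etc/openldap/certs` fix above removes. It models only the classic owner/group/other mode bits (ACLs and SELinux are out of scope), assumes GNU coreutils `stat -c` as shipped on CentOS, and the function and variable names are my own.

```sh
#!/bin/sh
# Report entries under an OpenLDAP NSS cert directory that a given uid/gid set
# cannot read, using only the classic owner/group/other mode bits (ACLs and
# SELinux are not modelled). Assumes GNU coreutils "stat -c". Example code,
# not part of the thread; the default paths/account match a CentOS 6 install.

# has_bits FILE UID "GID LIST" NEEDED -> exit 0 if FILE grants NEEDED bits
has_bits() {
    path=$1; want_uid=$2; want_gids=$3; need=$4
    st=$(stat -c '%u %g %a' "$path" 2>/dev/null) || return 1
    set -- $st
    f_uid=$1; f_gid=$2
    f_mode=$(printf '%s\n' "$3" | sed 's/^0*\([0-9]\)/\1/')  # keep digit math decimal
    [ "$want_uid" -eq 0 ] && return 0                          # root bypasses mode bits
    if [ "$f_uid" -eq "$want_uid" ]; then
        bits=$(( (f_mode / 100) % 10 ))                        # owner class
    else
        bits=$(( f_mode % 10 ))                                # other class
        for g in $want_gids; do
            if [ "$g" -eq "$f_gid" ]; then bits=$(( (f_mode / 10) % 10 )); break; fi
        done
    fi
    [ $(( bits & need )) -eq "$need" ]
}

# certdir_unreadable DIR UID "GID LIST": print each unreadable path, exit 1 if any
certdir_unreadable() {
    dir=$1; uid=$2; gids=$3; rc=0
    if ! has_bits "$dir" "$uid" "$gids" 5; then   # r+x needed to list and open files
        printf '%s (directory not searchable/readable)\n' "$dir"; return 1
    fi
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue
        if ! has_bits "$entry" "$uid" "$gids" 4; then printf '%s\n' "$entry"; rc=1; fi
    done
    return $rc
}

# slapd_certdir_check [DIR] [USER]: resolve the service account, then run the check
slapd_certdir_check() {
    dir=${1:-/etc/openldap/certs}; acct=${2:-ldap}
    acct_uid=$(id -u "$acct") || return 2
    certdir_unreadable "$dir" "$acct_uid" "$(id -G "$acct")"
}
```

Source the file and run `slapd_certdir_check` as root; an empty report with exit status 0 means the directory and every file in it are readable by the ldap account, which is what the chown above achieves.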
