[CentOS] can't use godaddy SSL cert

bluethundr bluethundr at gmail.com
Sun Nov 28 13:04:29 EST 2010


Hello CentOS:


 Thanks for your input..

> As mentioned in my previous mail, there is no need to specify >TLSCACertificateFile in slapd.conf unless your server will request client >certificate for authentication. Nor is there any point in trying multiple >files, you can concatenate the CA certificates into a single file.

I have removed TLSCACertificateFile form slapd and now recognize that
this directive is only needed on the client side. Thanks for clueing
me into that.

And here is my /etc/ldap.conf file on on the CentOS 5.5 client:

[root at VIRCENT03:~]#cat /etc/ldap.conf
host 192.168.1.44
base dc=summitnjhome,dc=com
sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com
scope sub
pam_password exop
nss_base_passwd ou=staff,dc=summitnjhome,dc=com
nss_base_shadow ou=staff,dc=summitnjhome,dc=com
TLS_CACERT /etc/openldap/cacerts/gd_sf_all.crt


And here are the contents of the cacerts directory on the CentOS 55 client:

[root at VIRCENT03:~]#ls -l /etc/openldap/cacerts/
total 36
-r--r--r-- 1 root root 27529 Nov 28 12:10 all.crt
lrwxrwxrwx 1 root root     7 Nov 28 12:20 b737b221.0 -> all.crt


And this is the way that nsswitch is setup on the CentOS client:

passwd:     files ldap
shadow:     files ldap
group:      files ldap
sudoers:    ldap

  I have revised the location of the cert files on the server noted in
slapd.conf in order to separate out the certs from the cacerts. This
is just to organize things a little more neatly.

## TLS options for slapd
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile  /usr/local/etc/openldap/certs/slapd.crt
TLSCertificateKeyFile /usr/local/etc/openldap/certs/slapd.pem

And here are the contents of the  /usr/local/etc/openldap/certs
directory, also on the server that is referenced in the TLS lines in
slapd.conf:

-r--r--r--  1 root  ldap  2309 Nov 26 18:52 LBSD2.summitnjhome.com.crt
dr--r--r--  3 root  ldap   512 Nov 28 03:32 bak
drwxr-xr-x  2 root  ldap   512 Nov 28 03:26 cacerts
-r--r--r--  1 root  ldap  2309 Nov 26 18:53 slapd.crt
-r--r--r--  1 root  ldap  1781 Nov 26 18:36 slapd.csr
-r--r--r--  1 root  ldap  3311 Nov 26 18:35 slapd.key
-r--r--r--  1 root  ldap  3243 Nov 26 18:54 slapd.pem


Here is the location of the cacert file on the server that the
/etc/ldap.conf file on the client references;

LBSD2# ls -l /usr/local/etc/openldap/certs/cacerts

-r--r--r--  1 root  ldap  27529 Nov 28 15:49 all.crt

The all.crt file is the result of concatenating these files together:

all.crt                    gdroot-g2.crt              sf_issuing.crt
ca_bundle.crt        sf_bundle.crt              sfroot-g2.crt
gd_bundle.crt        sf-class2-root.crt         sfsroot.crt
gd-class2-root.crt   sf_cross_intermediate.crt  sfsroot-g2.crt
gd_intermediate.crt  sf_intermediate.crt

Here is where the testing begins:

[root at VIRCENT03:~]#openssl s_client -connect ldap.summitnjhome.com:389
-showcerts -CAfile /usr/local/etc/openldap/certs/cacerts/all.crt
10073:error:02001002:system library:fopen:No such file or
directory:bss_file.c:122:fopen('/usr/local/etc/openldap/certs/cacerts/all.crt','r')
10073:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
10073:error:0B084002:x509 certificate
routines:X509_load_cert_crl_file:system lib:by_file.c:279:
CONNECTED(00000003)
10073:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:

CONNECTED(00000003)
10065:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:

As you can see I have provided openssl the full path to the all.crt
file on the server and am still receiving a handshake failure. It
looks like openssl s_client is claiming that the all.crt file isn't
there when clearly it is!

> No. I assume that your hostname is the CN indicated above, so your -h is >not the issue. When you do -ZZ then ldapsearch will fail if it cannot  >validate the certificate. You can try with a single -Z to see if it works.

Yes the hostname is in the CN of the cert file. So I agree that -h is
not the issue. :)

 If I do an ldapsearch from the CentOS client it claims that it can't
verify the certificate:

[root at VIRCENT03:~]#ldapsearch -h ldap -b "dc=summitnjhome,dc=com" -Z
-D "cn=Manager,dc=summitnjhome,dc=com" "(objectclass=sudoRole)" -W
ldap_start_tls: Connect error (-11)
	additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Enter LDAP Password:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
	additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

If I provide some more information with the -d -44 flags this is what I see:

[root at VIRCENT03:~]#ldapsearch -h ldap -b "dc=summitnjhome,dc=com" -d
-44 -Z -D "cn=Manager,dc=summitnjhome,dc=com" "(objectclass=sudoRole)"
-W
ber_dump: buf=0x8eb62e8 ptr=0x8eb62e8 end=0x8eb6307 len=31
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
ber_dump: buf=0x8eb62e8 ptr=0x8eb62ed end=0x8eb6307 len=26
  0000:  77 18 80 16 31 2e 33 2e  36 2e 31 2e 34 2e 31 2e   w...1.3.6.1.4.1.
  0010:  31 34 36 36 2e 32 30 30  33 37                     1466.20037
ber_dump: buf=0x8eb7678 ptr=0x8eb7678 end=0x8eb7684 len=12
  0000:  02 01 01 78 07 0a 01 00  04 00 04 00               ...x........
ber_dump: buf=0x8eb7678 ptr=0x8eb767b end=0x8eb7684 len=9
  0000:  78 07 0a 01 00 04 00 04  00                        x........
request done: ld 0x8ead530 msgid 1
ber_dump: buf=0x8eb7678 ptr=0x8eb767b end=0x8eb7684 len=9
  0000:  78 07 0a 01 00 04 00 04  00                        x........
ber_dump: buf=0x8eb7678 ptr=0x8eb767b end=0x8eb7684 len=9
  0000:  78 07 0a 01 00 04 00 04  00                        x........
ber_dump: buf=0x8eb7678 ptr=0x8eb7684 end=0x8eb7684 len=0

TLS certificate verification: Error, unable to get local issuer certificate
TLS: can't connect.
ldap_start_tls: Connect error (-11)
	additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Enter LDAP Password:
ldap_build_search_req ATTRS:
    supportedSASLMechanisms
ber_dump: buf=0x8f1e6a0 ptr=0x8f1e6a0 end=0x8f1e6e0 len=64
  0000:  30 3e 02 01 02 63 39 04  00 0a 01 00 0a 01 00 02   0>...c9.........
  0010:  01 00 02 01 00 01 01 00  87 0b 6f 62 6a 65 63 74   ..........object
  0020:  63 6c 61 73 73 30 19 04  17 73 75 70 70 6f 72 74   class0...support
  0030:  65 64 53 41 53 4c 4d 65  63 68 61 6e 69 73 6d 73   edSASLMechanisms
ber_dump: buf=0x8f1e6a0 ptr=0x8f1e6a5 end=0x8f1e6e0 len=59
  0000:  63 39 04 00 0a 01 00 0a  01 00 02 01 00 02 01 00   c9..............
  0010:  01 01 00 87 0b 6f 62 6a  65 63 74 63 6c 61 73 73   .....objectclass
  0020:  30 19 04 17 73 75 70 70  6f 72 74 65 64 53 41 53   0...supportedSAS
  0030:  4c 4d 65 63 68 61 6e 69  73 6d 73                  LMechanisms
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
	additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


I am including the output of a -d -1 as an attachment for those that
are still curious because the output of that command is quite long. :)

When I issue getent commands for passwd and group it hangs forever
when it tries to access information from ldap:

[root at VIRCENT03:~]#getent passwd | grep ldapAccount

[root at VIRCENT03:~]#getent group | grep ldapAccount

However if I remove TLS from the equation with the -x flag everything
starts working again:

[root at VIRCENT03:~]#ldapsearch -x -h ldap -b "dc=summitnjhome,dc=com"
-D "cn=Manager,dc=summitnjhome,dc=com" -w localG30rg3T0wn
"(objectclass=sudoRole)"
# extended LDIF
#
# LDAPv3
# base <dc=summitnjhome,dc=com> with scope subtree
# filter: (objectclass=sudoRole)
# requesting: ALL
#

# defaults, sudoers, Services, summitnjhome.com
dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here

# %wheel, sudoers, Services, summitnjhome.com
dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: %wheel
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOption: !authenticate
sudoUser: %wheel
sudoUser: bluethundr

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2



That's all I have for now. Sincere thanks to all those who have
provided input. I'll keep pounding away at this and hopefully figure
this out today.

Best regards!!!

On Thu, Nov 25, 2010 at 1:25 PM,  <cpolish at surewest.net> wrote:
> bluethundr wrote:
>> I have setup the certificate chain in my slapd.conf like so:
>>
>> TLSCACertificateFile  /usr/local/etc/openldap/cacerts/sf_issuing.crt
>
> I don't see where you say which directory these are stored in:
>
>> -rw-r--r--  1 root  bluethundr  2604 Nov 25 11:37 ca_bundle.crt
>> -r--r-----  1 root  ldap        4604 Nov 24 18:57 gd_bundle.crt
>> -r--r-----  1 root  ldap        1537 Nov 25 02:00 sf_issuing.crt
>
>> [root at LCENT01:/tmp/Foswiki-1.1.2]#openssl s_client -connect
>> ldap.example.com:389 -showcerts -CAfile sf_issuing.crt
>> 13730:error:02001002:system library:fopen:No such file or
>> directory:bss_file.c:122:fopen('sf_issuing.crt','r')
>
> It looks like the expected directory is not the one being
> used. Perhaps try use this invocation:
>
> openssl s_client -connect ldap.example.com:389 -showcerts -CAfile /path/to/sf_issuing.crt
>
> Best regards,
> --
> Charles Polisher
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys B6D6EAC3
-------------- next part --------------
[root at VIRCENT03:~]#ldapsearch -h ldap -b "dc=summitnjhome,dc=com" -d -1 -Z -D "cn=Manager,dc=summitnjhome,dc=com" "(objectclass=sudoRole)" -W
ldap_create
ldap_url_parse_ext(ldap://ldap)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.1.44:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0xa0312e8 ptr=0xa0312e8 end=0xa031307 len=31
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1  
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037   
ber_scanf fmt ({) ber:
ber_dump: buf=0xa0312e8 ptr=0xa0312ed end=0xa031307 len=26
  0000:  77 18 80 16 31 2e 33 2e  36 2e 31 2e 34 2e 31 2e   w...1.3.6.1.4.1.  
  0010:  31 34 36 36 2e 32 30 30  33 37                     1466.20037        
ber_flush: 31 bytes to sd 3
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1  
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037   
ldap_write: want=31, written=31
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1  
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037   
ldap_result ld 0xa028530 msgid 1
wait4msg ld 0xa028530 msgid 1 (infinite timeout)
wait4msg continue ld 0xa028530 msgid 1 all 1
** ld 0xa028530 Connections:
* host: ldap  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Sun Nov 28 12:39:55 2010

** ld 0xa028530 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 0xa028530 Response Queue:
   Empty
ldap_chkResponseList ld 0xa028530 msgid 1 all 1
ldap_chkResponseList returns ld 0xa028530 NULL
ldap_int_select
read1msg: ld 0xa028530 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
  0000:  30 0c 02 01 01 78 07 0a                            0....x..          
ldap_read: want=6, got=6
  0000:  01 00 04 00 04 00                                  ......            
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0xa032690 ptr=0xa032690 end=0xa03269c len=12
  0000:  02 01 01 78 07 0a 01 00  04 00 04 00               ...x........      
read1msg: ld 0xa028530 msgid 1 message type extended-result
ber_scanf fmt ({eaa) ber:
ber_dump: buf=0xa032690 ptr=0xa032693 end=0xa03269c len=9
  0000:  78 07 0a 01 00 04 00 04  00                        x........         
read1msg: ld 0xa028530 0 new referrals
read1msg:  mark request completed, ld 0xa028530 msgid 1
request done: ld 0xa028530 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eaa) ber:
ber_dump: buf=0xa032690 ptr=0xa032693 end=0xa03269c len=9
  0000:  78 07 0a 01 00 04 00 04  00                        x........         
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0xa032690 ptr=0xa032693 end=0xa03269c len=9
  0000:  78 07 0a 01 00 04 00 04  00                        x........         
ber_scanf fmt (}) ber:
ber_dump: buf=0xa032690 ptr=0xa03269c end=0xa03269c len=0

ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
tls_write: want=121, written=121
  0000:  80 77 01 03 01 00 4e 00  00 00 20 00 00 39 00 00   .w....N... ..9..  
  0010:  38 00 00 35 00 00 16 00  00 13 00 00 0a 07 00 c0   8..5............  
  0020:  00 00 33 00 00 32 00 00  2f 03 00 80 00 00 05 00   ..3..2../.......  
  0030:  00 04 01 00 80 00 00 15  00 00 12 00 00 09 06 00   ................  
  0040:  40 00 00 14 00 00 11 00  00 08 00 00 06 04 00 80   @...............  
  0050:  00 00 03 02 00 80 00 00  ff d2 49 1a b8 a2 59 29   ..........I...Y)  
  0060:  8f 56 dd af 9e fb 9b f7  1a cd 7f fd f4 12 ed c2   .V..............  
  0070:  c8 7c 9b 74 fb bf 22 10  3e                        .|.t..".>         
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=7
  0000:  16 03 01 00 4a 02 00                               ....J..           
tls_read: want=72, got=72
  0000:  00 46 03 01 4c f2 cd 04  36 77 bc 36 fd a3 c6 bd   .F..L...6w.6....  
  0010:  9d d4 2f 03 6a 9d e7 5a  92 fe 58 1a ab 98 7b 3a   ../.j..Z..X...{:  
  0020:  d1 09 8f 82 20 c4 84 9a  2b 22 6f 9b f7 92 4e 18   .... ...+"o...N.  
  0030:  96 86 0e 4a 0a 5d 14 0d  a9 f7 17 db 94 21 4c 3f   ...J.].......!L?  
  0040:  cd e0 6f 41 f6 00 35 00                            ..oA..5.          
TLS trace: SSL_connect:SSLv3 read server hello A
tls_read: want=5, got=5
  0000:  16 03 01 06 8b                                     .....             
tls_read: want=1675, got=1364
  0000:  0b 00 06 87 00 06 84 00  06 81 30 82 06 7d 30 82   ..........0..}0.  
  0010:  05 65 a0 03 02 01 02 02  07 04 30 d7 a0 27 65 40   .e........0..'e@  
  0020:  30 0d 06 09 2a 86 48 86  f7 0d 01 01 05 05 00 30   0...*.H........0  
  0030:  81 ca 31 0b 30 09 06 03  55 04 06 13 02 55 53 31   ..1.0...U....US1  
  0040:  10 30 0e 06 03 55 04 08  13 07 41 72 69 7a 6f 6e   .0...U....Arizon  
  0050:  61 31 13 30 11 06 03 55  04 07 13 0a 53 63 6f 74   a1.0...U....Scot  
  0060:  74 73 64 61 6c 65 31 1a  30 18 06 03 55 04 0a 13   tsdale1.0...U...  
  0070:  11 47 6f 44 61 64 64 79  2e 63 6f 6d 2c 20 49 6e   .GoDaddy.com, In  
  0080:  63 2e 31 33 30 31 06 03  55 04 0b 13 2a 68 74 74   c.1301..U...*htt  
  0090:  70 3a 2f 2f 63 65 72 74  69 66 69 63 61 74 65 73   p://certificates  
  00a0:  2e 67 6f 64 61 64 64 79  2e 63 6f 6d 2f 72 65 70   .godaddy.com/rep  
  00b0:  6f 73 69 74 6f 72 79 31  30 30 2e 06 03 55 04 03   ository100...U..  
  00c0:  13 27 47 6f 20 44 61 64  64 79 20 53 65 63 75 72   .'Go Daddy Secur  
  00d0:  65 20 43 65 72 74 69 66  69 63 61 74 69 6f 6e 20   e Certification   
  00e0:  41 75 74 68 6f 72 69 74  79 31 11 30 0f 06 03 55   Authority1.0...U  
  00f0:  04 05 13 08 30 37 39 36  39 32 38 37 30 1e 17 0d   ....079692870...  
  0100:  31 30 31 31 32 36 31 39  33 35 31 37 5a 17 0d 31   101126193517Z..1  
  0110:  31 31 31 32 35 30 31 30  31 34 31 5a 30 65 31 1f   11125010141Z0e1.  
  0120:  30 1d 06 03 55 04 0a 13  16 4c 42 53 44 32 2e 73   0...U....LBSD2.s  
  0130:  75 6d 6d 69 74 6e 6a 68  6f 6d 65 2e 63 6f 6d 31   ummitnjhome.com1  
  0140:  21 30 1f 06 03 55 04 0b  13 18 44 6f 6d 61 69 6e   !0...U....Domain  
  0150:  20 43 6f 6e 74 72 6f 6c  20 56 61 6c 69 64 61 74    Control Validat  
  0160:  65 64 31 1f 30 1d 06 03  55 04 03 13 16 4c 42 53   ed1.0...U....LBS  
  0170:  44 32 2e 73 75 6d 6d 69  74 6e 6a 68 6f 6d 65 2e   D2.summitnjhome.  
  0180:  63 6f 6d 30 82 02 22 30  0d 06 09 2a 86 48 86 f7   com0.."0...*.H..  
  0190:  0d 01 01 01 05 00 03 82  02 0f 00 30 82 02 0a 02   ...........0....  
  01a0:  82 02 01 00 d3 f5 ce 7a  83 37 67 f1 87 ed 61 25   .......z.7g...a%  
  01b0:  08 52 6e a2 89 11 92 95  94 55 37 26 7b 1b 36 f0   .Rn......U7&{.6.  
  01c0:  96 d8 77 66 b3 fe d1 3d  dc d8 2c df b6 04 2b 2a   ..wf...=..,...+*  
  01d0:  55 ce 46 29 5b 10 66 c9  88 aa 14 9c db 75 dd d2   U.F)[.f......u..  
  01e0:  08 28 9f ce f5 b3 bb bc  87 a0 2f 82 34 18 44 d2   .(......../.4.D.  
  01f0:  b9 49 fd 81 e1 f2 96 c2  32 4f 74 61 c8 ae ca 04   .I......2Ota....  
  0200:  60 5f 97 02 04 bc ee 2d  81 53 9c 82 66 77 5c ae   `_.....-.S..fw\.  
  0210:  3d 18 c3 42 98 3e 0d 42  97 84 68 9f ea 3f fc 99   =..B.>.B..h..?..  
  0220:  7a b4 68 5f fa 0e 99 a7  76 a5 5c c5 a9 4f 4f b5   z.h_....v.\..OO.  
  0230:  88 64 b2 f0 e3 37 21 c0  83 c1 2b b5 ba 90 68 63   .d...7!...+...hc  
  0240:  c4 9b fe 8d ce 7d da d4  f8 e1 55 0b 25 14 24 10   .....}....U.%.$.  
  0250:  fc 16 50 ec 3d b5 1f d8  4a c7 12 3f 32 0d 91 c0   ..P.=...J..?2...  
  0260:  ae ae a0 17 d5 89 3c 81  3f d0 31 e1 c7 86 78 90   ......<.?.1...x.  
  0270:  ca 80 82 03 80 bb dc 1b  fa 60 5c 55 a3 41 e5 50   .........`\U.A.P  
  0280:  10 b5 c0 80 08 2f 1e 60  fe 8a 7f 5a 53 9c 8b 48   ...../.`...ZS..H  
  0290:  f6 f6 be 41 da 78 bf 7d  97 87 75 05 53 cb bd 53   ...A.x.}..u.S..S  
  02a0:  ad 9c 12 db ab d8 91 31  8a 58 93 cc 64 80 6f 3c   .......1.X..d.o<  
  02b0:  0a a1 74 9e 34 91 65 c7  5f e3 61 a6 7a cd 7a ab   ..t.4.e._.a.z.z.  
  02c0:  f5 f4 d6 4c 40 f2 f0 45  33 89 36 59 33 54 fc 5c   ...L at ..E3.6Y3T.\  
  02d0:  28 b2 78 19 17 ac f2 d1  93 4b b7 2c f6 95 c7 86   (.x......K.,....  
  02e0:  44 4b cf 8f bd 6c 99 1c  0e 94 a7 00 46 af 86 e7   DK...l......F...  
  02f0:  95 83 83 77 4c 80 b1 c6  f0 0e 81 2a 02 12 98 12   ...wL......*....  
  0300:  ff f5 3f 17 e0 c1 b2 84  7b 53 7e 8e f9 53 73 8a   ..?.....{S~..Ss.  
  0310:  de f2 19 65 b7 fe 56 45  d0 05 a2 03 04 84 11 2d   ...e..VE.......-  
  0320:  0d 0b 5f 52 34 c1 22 4a  40 c2 e7 d1 b7 95 cc a7   .._R4."J at .......  
  0330:  59 38 cf 0f 79 d1 ad 14  14 65 c1 27 60 36 b8 84   Y8..y....e.'`6..  
  0340:  e8 37 96 ea cd 61 8e 9a  71 b0 c0 2c 68 e3 a7 b4   .7...a..q..,h...  
  0350:  0b 7a cc 71 44 65 14 ac  9d bc 54 f6 01 8e 16 61   .z.qDe....T....a  
  0360:  fb 88 ab ae f7 80 cc 1f  40 87 ab 5e 9b d8 d6 37   ........ at ..^...7  
  0370:  3a c5 2f 5b 5f 80 cf 62  b6 93 80 5f 7b 5f ef 6d   :./[_..b..._{_.m  
  0380:  cb 8e ef 67 c9 c2 78 37  bb 3e b0 ee a3 07 8a ab   ...g..x7.>......  
  0390:  b7 02 76 b6 a0 18 7d 37  cc 54 44 e4 e5 ad 3e f0   ..v...}7.TD...>.  
  03a0:  97 34 76 c7 02 03 01 00  01 a3 82 01 ca 30 82 01   .4v..........0..  
  03b0:  c6 30 0f 06 03 55 1d 13  01 01 ff 04 05 30 03 01   .0...U.......0..  
  03c0:  01 00 30 1d 06 03 55 1d  25 04 16 30 14 06 08 2b   ..0...U.%..0...+  
  03d0:  06 01 05 05 07 03 01 06  08 2b 06 01 05 05 07 03   .........+......  
  03e0:  02 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05   .0...U..........  
  03f0:  a0 30 33 06 03 55 1d 1f  04 2c 30 2a 30 28 a0 26   .03..U...,0*0(.&  
  0400:  a0 24 86 22 68 74 74 70  3a 2f 2f 63 72 6c 2e 67   .$."http://crl.g  
  0410:  6f 64 61 64 64 79 2e 63  6f 6d 2f 67 64 73 31 2d   odaddy.com/gds1-  
  0420:  32 36 2e 63 72 6c 30 4d  06 03 55 1d 20 04 46 30   26.crl0M..U. .F0  
  0430:  44 30 42 06 0b 60 86 48  01 86 fd 6d 01 07 17 01   D0B..`.H...m....  
  0440:  30 33 30 31 06 08 2b 06  01 05 05 07 02 01 16 25   0301..+........%  
  0450:  68 74 74 70 73 3a 2f 2f  63 65 72 74 73 2e 67 6f   https://certs.go  
  0460:  64 61 64 64 79 2e 63 6f  6d 2f 72 65 70 6f 73 69   daddy.com/reposi  
  0470:  74 6f 72 79 2f 30 81 80  06 08 2b 06 01 05 05 07   tory/0....+.....  
  0480:  01 01 04 74 30 72 30 24  06 08 2b 06 01 05 05 07   ...t0r0$..+.....  
  0490:  30 01 86 18 68 74 74 70  3a 2f 2f 6f 63 73 70 2e   0...http://ocsp.  
  04a0:  67 6f 64 61 64 64 79 2e  63 6f 6d 2f 30 4a 06 08   godaddy.com/0J..  
  04b0:  2b 06 01 05 05 07 30 02  86 3e 68 74 74 70 3a 2f   +.....0..>http:/  
  04c0:  2f 63 65 72 74 69 66 69  63 61 74 65 73 2e 67 6f   /certificates.go  
  04d0:  64 61 64 64 79 2e 63 6f  6d 2f 72 65 70 6f 73 69   daddy.com/reposi  
  04e0:  74 6f 72 79 2f 67 64 5f  69 6e 74 65 72 6d 65 64   tory/gd_intermed  
  04f0:  69 61 74 65 2e 63 72 74  30 1f 06 03 55 1d 23 04   iate.crt0...U.#.  
  0500:  18 30 16 80 14 fd ac 61  32 93 6c 45 d6 e2 ee 85   .0.....a2.lE....  
  0510:  5f 9a ba e7 76 99 68 cc  e7 30 3d 06 03 55 1d 11   _...v.h..0=..U..  
  0520:  04 36 30 34 82 16 4c 42  53 44 32 2e 73 75 6d 6d   .604..LBSD2.summ  
  0530:  69 74 6e 6a 68 6f 6d 65  2e 63 6f 6d 82 1a 77 77   itnjhome.com..ww  
  0540:  77 2e 4c 42 53 44 32 2e  73 75 6d 6d 69 74 6e 6a   w.LBSD2.summitnj  
  0550:  68 6f 6d 65                                        home              
tls_read: want=311, got=311
  0000:  2e 63 6f 6d 30 1d 06 03  55 1d 0e 04 16 04 14 f4   .com0...U.......  
  0010:  53 6d 01 69 29 86 69 fc  ee 4e d5 94 0c 9a 0e 2c   Sm.i).i..N.....,  
  0020:  00 76 32 30 0d 06 09 2a  86 48 86 f7 0d 01 01 05   .v20...*.H......  
  0030:  05 00 03 82 01 01 00 a8  e3 1c ea 53 86 41 70 63   ...........S.Apc  
  0040:  45 93 45 e2 fc 60 6b 46  e3 c9 a5 52 d3 78 d0 da   E.E..`kF...R.x..  
  0050:  08 b3 2a 97 ef 76 e4 0a  56 f1 8e e5 56 92 35 04   ..*..v..V...V.5.  
  0060:  cb 7b d8 c9 01 bf b4 b9  7d 1a cf 61 68 b0 80 5e   .{......}..ah..^  
  0070:  54 f4 30 f3 e5 1a 26 22  a9 c3 72 64 b6 b9 2c 6f   T.0...&"..rd..,o  
  0080:  1c 55 16 14 fe eb 71 d9  69 ae 6f 89 5b 7d 33 24   .U....q.i.o.[}3$  
  0090:  33 a3 33 54 63 e0 79 c5  bb c5 94 a6 2d 0b 4e f8   3.3Tc.y.....-.N.  
  00a0:  2c e9 b0 59 b3 b3 b4 18  c7 6d ff 13 c3 5a 3e 0e   ,..Y.....m...Z>.  
  00b0:  0e 34 6b 40 73 6d bf e6  9c 70 30 95 7b e2 ac 6d   .4k at sm...p0.{..m  
  00c0:  c8 58 92 e4 ca 26 be 65  a7 db 61 b3 41 8f 0e c9   .X...&.e..a.A...  
  00d0:  5d 0a c8 8d 5d 3a 1b b1  5e e9 0a 3f d8 a9 58 ab   ]...]:..^..?..X.  
  00e0:  af 65 41 aa d7 47 47 34  96 f2 13 6d a3 db 9d e2   .eA..GG4...m....  
  00f0:  72 96 d3 87 34 25 92 eb  96 38 5f 7c f8 2d e1 e4   r...4%...8_|.-..  
  0100:  26 ce f3 ba f4 fb 89 65  06 50 8c 2e ee 28 e4 c7   &......e.P...(..  
  0110:  e3 2a b1 50 44 b8 91 ed  f5 c4 5f 9c dd c6 55 f7   .*.PD....._...U.  
  0120:  0f 7f e5 5d f2 ae 10 ef  f4 ef c5 38 e7 c7 dc 85   ...].......8....  
  0130:  1e 01 a3 1b f6 d4 f6                               .......           
TLS certificate verification: depth: 0, err: 20, subject: /O=LBSD2.summitnjhome.com/OU=Domain Control Validated/CN=LBSD2.summitnjhome.com, issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
TLS certificate verification: Error, unable to get local issuer certificate
tls_write: want=7, written=7
  0000:  15 03 01 00 02 02 30                               ......0           
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_start_tls: Connect error (-11)
	additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Enter LDAP Password: 
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_build_search_req ATTRS:
    supportedSASLMechanisms
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0xa099bc8 ptr=0xa099bc8 end=0xa099c08 len=64
  0000:  30 3e 02 01 02 63 39 04  00 0a 01 00 0a 01 00 02   0>...c9.........  
  0010:  01 00 02 01 00 01 01 00  87 0b 6f 62 6a 65 63 74   ..........object  
  0020:  63 6c 61 73 73 30 19 04  17 73 75 70 70 6f 72 74   class0...support  
  0030:  65 64 53 41 53 4c 4d 65  63 68 61 6e 69 73 6d 73   edSASLMechanisms  
ber_scanf fmt ({) ber:
ber_dump: buf=0xa099bc8 ptr=0xa099bcd end=0xa099c08 len=59
  0000:  63 39 04 00 0a 01 00 0a  01 00 02 01 00 02 01 00   c9..............  
  0010:  01 01 00 87 0b 6f 62 6a  65 63 74 63 6c 61 73 73   .....objectclass  
  0020:  30 19 04 17 73 75 70 70  6f 72 74 65 64 53 41 53   0...supportedSAS  
  0030:  4c 4d 65 63 68 61 6e 69  73 6d 73                  LMechanisms       
ber_flush: 64 bytes to sd 3
  0000:  30 3e 02 01 02 63 39 04  00 0a 01 00 0a 01 00 02   0>...c9.........  
  0010:  01 00 02 01 00 01 01 00  87 0b 6f 62 6a 65 63 74   ..........object  
  0020:  63 6c 61 73 73 30 19 04  17 73 75 70 70 6f 72 74   class0...support  
  0030:  65 64 53 41 53 4c 4d 65  63 68 61 6e 69 73 6d 73   edSASLMechanisms  
ldap_write: want=64, written=64
  0000:  30 3e 02 01 02 63 39 04  00 0a 01 00 0a 01 00 02   0>...c9.........  
  0010:  01 00 02 01 00 01 01 00  87 0b 6f 62 6a 65 63 74   ..........object  
  0020:  63 6c 61 73 73 30 19 04  17 73 75 70 70 6f 72 74   class0...support  
  0030:  65 64 53 41 53 4c 4d 65  63 68 61 6e 69 73 6d 73   edSASLMechanisms  
ldap_result ld 0xa028530 msgid 2
wait4msg ld 0xa028530 msgid 2 (infinite timeout)
wait4msg continue ld 0xa028530 msgid 2 all 1
** ld 0xa028530 Connections:
* host: ldap  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Sun Nov 28 12:40:00 2010

** ld 0xa028530 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** ld 0xa028530 Response Queue:
   Empty
ldap_chkResponseList ld 0xa028530 msgid 2 all 1
ldap_chkResponseList returns ld 0xa028530 NULL
ldap_int_select
read1msg: ld 0xa028530 msgid 2 all 1
ber_get_next
ldap_read: want=8, got=8
  0000:  16 03 01 00 04 0e 00 00                            ........          
ber_get_next failed.
ldap_perror
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
	additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


More information about the CentOS mailing list