directory-dev mailing list archives

From "li pan" <purpurel...@gmail.com>
Subject apacheds 1.0.0 SSL doesn't work with outlook
Date Sun, 28 Jan 2007 04:41:25 GMT
Hi, I am using a virtual directory (Penrose) based on ApacheDS. I found that
ApacheDS's SSL support doesn't work with Outlook.

My environment:
jdk 1.5.0_09-b03
windows xp
outlook xp
apacheds 1.0.0 (1.0.0-rc3)

how to reproduce it:
1 install apacheds
2 setup ssl following
http://cwiki.apache.org/DIRxSRVx10/how-to-enable-ssl.html, except that
I change the keystore's cn=zanzibar to cn=localhost
3 startup
4 connect to 10389 using jxplorer, it works
   connect to 10636/ssl using jxplorer, also works
5 setup outlook to use localhost as ldap server
   connect to 10389, it works (but can't get any results; this doesn't
matter, I have actually set up a whole Outlook-readable directory, it
didn't change anything)
6 connect to 10636/ssl, it did NOT work. Outlook says it can't connect
to the ldap server, error code is 81
7 Accessing https://localhost:10636 doesn't help; IE will prompt to
install the key, but Outlook still can't connect to ldap.

logging:
I have enabled SSL debug; here is the result:
***
found key for : localhost
chain [0] = [
[
  Version: V1
  Subject: CN=localhost, OU=ApacheDS, O=ASF, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  Sun RSA public key, 1024 bits
  modulus: 93690567304560358207948800462304344787653972926708445137556188844906551738004646142898598110107042120590921928329357309950934630682191814787460916745097868595426737938591158043568035044490947504319107319602318803896553477562911262642591031153078445938220970218730642886893394935454832735154808627448199754771
  public exponent: 65537
  Validity: [From: Sun Jan 28 10:40:33 CST 2007,
               To: Tue Jan 27 10:40:33 CST 2009]
  Issuer: CN=localhost, OU=ApacheDS, O=ASF, C=US
  SerialNumber: [    45bc0d21]

]
  Algorithm: [MD5withRSA]
  Signature:

]
***
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
pool-3-thread-1, READ:  SSL v2, contentType = Handshake, translated length = 65
*** ClientHello, TLSv1
RandomCookie:  GMT: 0 bytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
250, 123, 42, 223, 131, 145, 37, 62, 124, 178, 93, 230, 183, 185, 68,
43 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA,
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA]
Compression Methods:  { 0 }
***
matching alias: localhost
%% Created:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie:  GMT: 1153177174 bytes = { 146, 79, 74, 155, 154, 243,
55, 106, 246, 28, 71, 30, 166, 172, 134, 212, 10, 100, 60, 51, 141,
168, 35, 40, 121, 97, 168, 83 }
Session ID:  {69, 188, 22, 86, 49, 105, 6, 0, 201, 61, 99, 240, 216,
88, 87, 227, 145, 104, 237, 7, 189, 196, 82, 240, 183, 155, 35, 186,
212, 187, 188, 204}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
Cipher suite:  SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V1
  Subject: CN=localhost, OU=ApacheDS, O=ASF, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  Sun RSA public key, 1024 bits
  modulus: 93690567304560358207948800462304344787653972926708445137556188844906551738004646142898598110107042120590921928329357309950934630682191814787460916745097868595426737938591158043568035044490947504319107319602318803896553477562911262642591031153078445938220970218730642886893394935454832735154808627448199754771
  public exponent: 65537
  Validity: [From: Sun Jan 28 10:40:33 CST 2007,
               To: Tue Jan 27 10:40:33 CST 2009]
  Issuer: CN=localhost, OU=ApacheDS, O=ASF, C=US
  SerialNumber: [    45bc0d21]

]
  Algorithm: [MD5withRSA]
  Signature:

]
***
*** ServerHelloDone
pool-3-thread-1, WRITE: TLSv1 Handshake, length = 594
pool-3-thread-2, called closeInbound()
pool-3-thread-2, fatal error: 80: Inbound closed before receiving
peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's
close_notify: possible truncation attack?
pool-3-thread-2, SEND TLSv1 ALERT:  fatal, description = internal_error
pool-3-thread-2, WRITE: TLSv1 Alert, length = 2
pool-3-thread-2, called closeOutbound()
pool-3-thread-2, closeOutboundInternal()


NOTE: the last javax.net.ssl.SSLException may not be the result
reason, because I got outlook's error message before that. When I
close the outlook error message, this exception will be printed.
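
Added example (not part of the original message and not ApacheDS code): a small Python script that reads `javax.net.debug` output like the log above and reports how far the handshake got and what the server certificate looks like. The sample is an excerpt of the posted log; the function and field names are this example's own.

```python
import re

# Excerpt of the debug output posted above (modulus and hex dump left out).
SAMPLE_LOG = """\
*** ClientHello, TLSv1
*** ServerHello, TLSv1
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
  Version: V1
  Subject: CN=localhost, OU=ApacheDS, O=ASF, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key:  Sun RSA public key, 1024 bits
  Issuer: CN=localhost, OU=ApacheDS, O=ASF, C=US
*** ServerHelloDone
pool-3-thread-2, called closeInbound()
pool-3-thread-2, fatal error: 80: Inbound closed before receiving
"""

HANDSHAKE = re.compile(r"^\*\*\* (ClientHello|ServerHello|Certificate chain|"
                       r"ServerHelloDone|ClientKeyExchange|Finished)\b")
FIELDS = {
    "cipher": re.compile(r"^Cipher Suite:\s*(\S+)"),
    "version": re.compile(r"^\s*Version:\s*(\S+)"),
    "subject": re.compile(r"^\s*Subject:\s*(.+)"),
    "issuer": re.compile(r"^\s*Issuer:\s*(.+)"),
    "sigalg": re.compile(r"^\s*Signature Algorithm:\s*(\w+)"),
    "keybits": re.compile(r"^\s*Key:.*?(\d+) bits"),
}

def summarize(log):
    """Return handshake progress and server-certificate facts from a JSSE debug log."""
    seen, info = [], {}
    for line in log.splitlines():
        m = HANDSHAKE.match(line)
        if m:
            seen.append(m.group(1))
        for name, rx in FIELDS.items():
            m = rx.match(line)
            if m:
                info.setdefault(name, m.group(1).strip())  # keep first occurrence
    info["messages"] = seen
    info["last_message"] = seen[-1] if seen else None
    info["client_replied"] = "ClientKeyExchange" in seen  # client's answer to the server flight
    info["self_signed"] = "subject" in info and info["subject"] == info.get("issuer")
    info["closed_mid_handshake"] = "closeInbound()" in log and not info["client_replied"]
    return info

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the posted log this shows the last handshake message as ServerHelloDone with no ClientKeyExchange from the client, alongside the certificate fields the server presented (V1, MD5withRSA, 1024-bit key, subject equal to issuer).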
