directory-dev mailing list archives

From "li pan" <purpurel...@gmail.com>
Subject Re: apacheds 1.0.0 SSL doesn't work with outlook
Date Sun, 28 Jan 2007 13:09:19 GMT
Sorry, forget that. It is just because Outlook wants my computer name
as the cn, instead of the "localhost" I use, and it didn't provide useful
information about that.

2007/1/28, li pan <purpureleaf@gmail.com>:
> Hi, I am using a virtual directory (penrose) based on apacheds. I found that
> Apacheds' SSL support doesn't work with outlook.
>
> my environment:
> jdk 1.5.0_09-b03
> windows xp
> outlook xp
> apacheds 1.0.0 (1.0.0-rc3)
>
> how to reproduce it:
> 1 install apacheds
> 2 setup ssl following
> http://cwiki.apache.org/DIRxSRVx10/how-to-enable-ssl.html, except that
> I change the keystore's cn=zanzibar to cn=localhost
> 3 startup
> 4 connect to 10389 using jxplorer, it works
>   connect to 10636/ssl using jxplorer, also works
> 5 setup outlook to use localhost as ldap server
>   connect to 10389, it works(but can't get any results, this doesn't
> matter, I have actually setup a whole outlook readable directory, it
> didn't change anything)
> 6 connect to 10636/ssl, it did NOT work. outlook says it can't connect
> to ldap server, error code is 81
> 7 Accessing https://localhost:10636 doesn't help, IE will prompt to
> install the key, but outlook still can't connect to ldap.
>
> logging:
> I have enabled ssl debug, here is the result :
> ***
> found key for : localhost
> chain [0] = [
> [
>  Version: V1
>  Subject: CN=localhost, OU=ApacheDS, O=ASF, C=US
>  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
>
>  Key:  Sun RSA public key, 1024 bits
>  modulus: 93690567304560358207948800462304344787653972926708445137556188844906551738004646142898598110107042120590921928329357309950934630682191814787460916745097868595426737938591158043568035044490947504319107319602318803896553477562911262642591031153078445938220970218730642886893394935454832735154808627448199754771
>  public exponent: 65537
>  Validity: [From: Sun Jan 28 10:40:33 CST 2007,
>               To: Tue Jan 27 10:40:33 CST 2009]
>  Issuer: CN=localhost, OU=ApacheDS, O=ASF, C=US
>  SerialNumber: [    45bc0d21]
>
> ]
>  Algorithm: [MD5withRSA]
>  Signature:
>
> ]
> ***
> trigger seeding of SecureRandom
> done seeding SecureRandom
> Using SSLEngineImpl.
> pool-3-thread-1, READ:  SSL v2, contentType = Handshake, translated length = 65
> *** ClientHello, TLSv1
> RandomCookie:  GMT: 0 bytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
> 250, 123, 42, 223, 131, 145, 37, 62, 124, 178, 93, 230, 183, 185, 68,
> 43 }
> Session ID:  {}
> Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
> SSL_RSA_EXPORT1024_WITH_RC4_56_SHA,
> SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
> SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA]
> Compression Methods:  { 0 }
> ***
> matching alias: localhost
> %% Created:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
> *** ServerHello, TLSv1
> RandomCookie:  GMT: 1153177174 bytes = { 146, 79, 74, 155, 154, 243,
> 55, 106, 246, 28, 71, 30, 166, 172, 134, 212, 10, 100, 60, 51, 141,
> 168, 35, 40, 121, 97, 168, 83 }
> Session ID:  {69, 188, 22, 86, 49, 105, 6, 0, 201, 61, 99, 240, 216,
> 88, 87, 227, 145, 104, 237, 7, 189, 196, 82, 240, 183, 155, 35, 186,
> 212, 187, 188, 204}
> Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
> Compression Method: 0
> ***
> Cipher suite:  SSL_RSA_WITH_RC4_128_MD5
> *** Certificate chain
> chain [0] = [
> [
>  Version: V1
>  Subject: CN=localhost, OU=ApacheDS, O=ASF, C=US
>  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
>
>  Key:  Sun RSA public key, 1024 bits
>  modulus: 93690567304560358207948800462304344787653972926708445137556188844906551738004646142898598110107042120590921928329357309950934630682191814787460916745097868595426737938591158043568035044490947504319107319602318803896553477562911262642591031153078445938220970218730642886893394935454832735154808627448199754771
>  public exponent: 65537
>  Validity: [From: Sun Jan 28 10:40:33 CST 2007,
>               To: Tue Jan 27 10:40:33 CST 2009]
>  Issuer: CN=localhost, OU=ApacheDS, O=ASF, C=US
>  SerialNumber: [    45bc0d21]
>
> ]
>  Algorithm: [MD5withRSA]
>  Signature:
>
> ]
> ***
> *** ServerHelloDone
> pool-3-thread-1, WRITE: TLSv1 Handshake, length = 594
> pool-3-thread-2, called closeInbound()
> pool-3-thread-2, fatal error: 80: Inbound closed before receiving
> peer's close_notify: possible truncation attack?
> javax.net.ssl.SSLException: Inbound closed before receiving peer's
> close_notify: possible truncation attack?
> pool-3-thread-2, SEND TLSv1 ALERT:  fatal, description = internal_error
> pool-3-thread-2, WRITE: TLSv1 Alert, length = 2
> pool-3-thread-2, called closeOutbound()
> pool-3-thread-2, closeOutboundInternal()
>
>
> NOTE: the last javax.net.ssl.SSLException may not be the result
> reason, because I got outlook's error message before that. When I
> close the outlook error message, this exception will be printed.
>
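
A check for the mismatch this thread ends on, as an added example that is not part of the original messages: it reads the server certificate's subject CN out of the SSL debug output and tests it against each name a client might validate. The host name `WORKSTATION01` and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: certificate fields from the quoted SSL debug output,
# with the archive's "> " quote prefix kept to show that it is tolerated.
SAMPLE_DEBUG = """\
> chain [0] = [
> [
>  Version: V1
>  Subject: CN=localhost, OU=ApacheDS, O=ASF, C=US
>  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
>  Issuer: CN=localhost, OU=ApacheDS, O=ASF, C=US
> ]
"""

def parse_leaf(debug_text):
    """Return version and subject CN of the first certificate in the dump."""
    fields = {}
    for raw in debug_text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()  # drop mail quote markers
        m = re.match(r"(Version|Subject):\s*(.+)", line)
        if m and m.group(1) not in fields:
            fields[m.group(1)] = m.group(2)
    # Simple DN split; does not handle escaped commas inside an RDN value.
    cn = re.search(r"(?:^|,\s*)CN=([^,]+)", fields.get("Subject", ""))
    return {
        "version": fields.get("Version"),
        "cn": cn.group(1).strip() if cn else None,
        # X.509 v1 carries no extensions, so there is no subjectAltName:
        # the CN is the only name a client can compare against.
        "can_have_san": fields.get("Version") == "V3",
    }

def name_matches(cert_name, host):
    """Case-insensitive match; '*.' covers exactly one leftmost label."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == cert_name[2:]
    return cert_name == host

def check_names(debug_text, client_names):
    """Map each name a client may validate to whether the certificate covers it."""
    cn = parse_leaf(debug_text)["cn"]
    return {n: cn is not None and name_matches(cn, n) for n in client_names}

if __name__ == "__main__":
    # WORKSTATION01 is a hypothetical computer name.
    print(check_names(SAMPLE_DEBUG, ["localhost", "WORKSTATION01"]))
```
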
