<br><font size=2 face="sans-serif">Hi Michael,</font>
<br>
<br><font size=2 face="sans-serif">Here is the result with openssl. It
also "sometimes" work...</font>
<br>
<br>
<br><font size=2 face="sans-serif">gvm@endor:~/Temp/PYSSL> openssl s_client
-connect 192.168.1.5:636 -CAfile /home/gvm/Temp/PYSSL/rootca.pem -cert
/home/gvm/Temp/PYSSL/endor-crt.pem -key /home/gvm/Temp/PYSSL/endor-key.pem</font>
<br><font size=2 face="sans-serif">CONNECTED(00000003)</font>
<br><font size=2 face="sans-serif">depth=1 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK</font>
<br><font size=2 face="sans-serif">verify return:1</font>
<br><font size=2 face="sans-serif">depth=0 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be</font>
<br><font size=2 face="sans-serif">verify return:1</font>
<br><font size=2 face="sans-serif">15313:error:140790E5:SSL routines:SSL23_WRITE:ssl
handshake failure:s23_lib.c:188:</font>
<br>
<br>
<br>
<br>
<br>
<br>
<br><font size=2 face="sans-serif">gvm@endor:~/Temp/PYSSL> openssl s_client
-connect 192.168.1.5:636 -CAfile /home/gvm/Temp/PYSSL/rootca.pem -cert
/home/gvm/Temp/PYSSL/endor-crt.pem -key /home/gvm/Temp/PYSSL/endor-key.pem</font>
<br><font size=2 face="sans-serif">CONNECTED(00000003)</font>
<br><font size=2 face="sans-serif">depth=1 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK</font>
<br><font size=2 face="sans-serif">verify return:1</font>
<br><font size=2 face="sans-serif">depth=0 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be</font>
<br><font size=2 face="sans-serif">verify return:1</font>
<br><font size=2 face="sans-serif">15318:error:140790E5:SSL routines:SSL23_WRITE:ssl
handshake failure:s23_lib.c:188:</font>
<br><font size=2 face="sans-serif">gvm@endor:~/Temp/PYSSL> openssl s_client
-connect 192.168.1.5:636 -CAfile /home/gvm/Temp/PYSSL/rootca.pem -cert
/home/gvm/Temp/PYSSL/endor-crt.pem -key /home/gvm/Temp/PYSSL/endor-key.pem</font>
<br><font size=2 face="sans-serif">CONNECTED(00000003)</font>
<br><font size=2 face="sans-serif">depth=1 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK</font>
<br><font size=2 face="sans-serif">verify return:1</font>
<br><font size=2 face="sans-serif">depth=0 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be</font>
<br><font size=2 face="sans-serif">verify return:1</font>
<br>
<br><font size=2 face="sans-serif">---</font>
<br><font size=2 face="sans-serif">Certificate chain</font>
<br><font size=2 face="sans-serif"> 0 s:/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be</font>
<br><font size=2 face="sans-serif"> i:/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK</font>
<br><font size=2 face="sans-serif">---</font>
<br><font size=2 face="sans-serif">Server certificate</font>
<br><font size=2 face="sans-serif">-----BEGIN CERTIFICATE-----</font>
<br><font size=2 face="sans-serif">MIICjDCCAfWgAwIBAgIBHDANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJCRTEU</font>
<br><font size=2 face="sans-serif">MBIGA1UEBxMLSG9vZ3N0cmF0ZW4xEDAOBgNVBAoTB0NBVHJ1c3QxDDAKBgNVBAsT</font>
<br><font size=2 face="sans-serif">A1BLSTEPMA0GA1UEAwwGQ0FTX1NLMB4XDTA2MTAxNzEwNDk1NVoXDTA3MTAxNzEw</font>
<br><font size=2 face="sans-serif">NDk1NVowWzELMAkGA1UEBhMCQkUxFDASBgNVBAcTC0hvb2dzdHJhdGVuMRAwDgYD</font>
<br><font size=2 face="sans-serif">VQQKEwdDQVRydXN0MQwwCgYDVQQLEwNQS0kxFjAUBgNVBAMTDWVvd3luLmRvb20u</font>
<br><font size=2 face="sans-serif">YmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL6pGS7FO76CcZuDBOtwso5+</font>
<br><font size=2 face="sans-serif">H1Sr/9hfDy2Cymp0gLixW1Fga5xdsO+hiV255NDiI2jQHvjP/FloThEp5UzJVwTY</font>
<br><font size=2 face="sans-serif">lvT50APyGl1f2g/Akv8eqvK12TyOAtGwuj8SXzayyEzsWtzlN2NFnlWEKJc0qh6Q</font>
<br><font size=2 face="sans-serif">l2UmDo/ggGxJBxxlfBkNAgMBAAGjZzBlMB8GA1UdIwQYMBaAFDhp/FYUPtJVxyCc</font>
<br><font size=2 face="sans-serif">64ksf3y38HKIMB0GA1UdDgQWBBQ/g+qO3W1SDxsEJu86QgEzTrZAVDAOBgNVHQ8B</font>
<br><font size=2 face="sans-serif">Af8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADgYEA</font>
<br><font size=2 face="sans-serif">ASmsG3ltOTkUJWv5zlTSZ69sr9hSjOeSC+wqiKFI0fqmbbcMkiDdxp+olwZwE3LM</font>
<br><font size=2 face="sans-serif">RGwg9KXU4MZjQsMbDPoySPqDvHh4LlDOeMx8SVqvfQxQa/SnOYIGtONl3CosVe81</font>
<br><font size=2 face="sans-serif">P19ynZeq4z+QzubR4F1Is3dqYqL9zYi0k4z2F0pXixA=</font>
<br><font size=2 face="sans-serif">-----END CERTIFICATE-----</font>
<br><font size=2 face="sans-serif">subject=/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be</font>
<br><font size=2 face="sans-serif">issuer=/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK</font>
<br><font size=2 face="sans-serif">---</font>
<br><font size=2 face="sans-serif">Acceptable client certificate CA names</font>
<br><font size=2 face="sans-serif">/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK</font>
<br><font size=2 face="sans-serif">/C=US/O=VeriSign, Inc./OU=Class 1 Public
Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized
use only/OU=VeriSign Trust Network</font>
<br><font size=2 face="sans-serif">/C=US/O=VeriSign, Inc./OU=Class 4 Public
Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized
use only/OU=VeriSign Trust Network</font>
<br><font size=2 face="sans-serif">/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte
Consulting/OU=Certification Services Division/CN=Thawte Personal Freemail
CA/emailAddress=personal-freemail@thawte.com</font>
<br><font size=2 face="sans-serif">/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte
Consulting/OU=Certification Services Division/CN=Thawte Personal Premium
CA/emailAddress=personal-premium@thawte.com</font>
<br><font size=2 face="sans-serif">/C=US/O=First Data Digital Certificates
Inc./CN=First Data Digital Certificates Inc. Certification Authority</font>
<br><font size=2 face="sans-serif">/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte
Consulting/OU=Certification Services Division/CN=Thawte Personal Basic
CA/emailAddress=personal-basic@thawte.com</font>
<br><font size=2 face="sans-serif">/C=US/O=VeriSign, Inc./OU=Class 3 Public
Primary Certification Authority</font>
<br><font size=2 face="sans-serif">/C=US/O=VeriSign, Inc./OU=Class 2 Public
Primary Certification Authority</font>
<br><font size=2 face="sans-serif">/C=US/O=VeriSign, Inc./OU=Class 1 Public
Primary Certification Authority</font>
<br><font size=2 face="sans-serif">/C=US/O=VeriSign, Inc./OU=Class 3 Public
Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized
use only/OU=VeriSign Trust Network</font>
<br><font size=2 face="sans-serif">/C=US/O=GTE Corporation/CN=GTE CyberTrust
Root</font>
<br><font size=2 face="sans-serif">/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=EOWYN
CA</font>
<br><font size=2 face="sans-serif">/C=US/O=GTE Corporation/OU=GTE CyberTrust
Solutions, Inc./CN=GTE CyberTrust Global Root</font>
<br><font size=2 face="sans-serif">/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft
Corporation/CN=Microsoft Root Authority</font>
<br><font size=2 face="sans-serif">/C=US/O=VeriSign, Inc./OU=Class 2 Public
Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized
use only/OU=VeriSign Trust Network</font>
<br><font size=2 face="sans-serif">/C=US/O=GTE Corporation/OU=GTE CyberTrust
Solutions, Inc./CN=GTE CyberTrust Root</font>
<br><font size=2 face="sans-serif">---</font>
<br><font size=2 face="sans-serif">SSL handshake has read 3261 bytes and
written 1781 bytes</font>
<br><font size=2 face="sans-serif">---</font>
<br><font size=2 face="sans-serif">New, TLSv1/SSLv3, Cipher is RC4-MD5</font>
<br><font size=2 face="sans-serif">Server public key is 1024 bit</font>
<br><font size=2 face="sans-serif">Compression: NONE</font>
<br><font size=2 face="sans-serif">Expansion: NONE</font>
<br><font size=2 face="sans-serif">SSL-Session:</font>
<br><font size=2 face="sans-serif"> Protocol : TLSv1</font>
<br><font size=2 face="sans-serif"> Cipher :
RC4-MD5</font>
<br><font size=2 face="sans-serif"> Session-ID: 830A000079AD969762D5CA1CC27D874EADB5777B7F9AF5A191900602703F0F9B</font>
<br><font size=2 face="sans-serif"> Session-ID-ctx:</font>
<br><font size=2 face="sans-serif"> Master-Key: 2D17CCBF98E9610A5043C5348A5551717846756EFAE04734239A1DBA6D044788D3A34E7074E108CD12D1364586B2405E</font>
<br><font size=2 face="sans-serif"> Key-Arg : None</font>
<br><font size=2 face="sans-serif"> Start Time: 1161103751</font>
<br><font size=2 face="sans-serif"> Timeout : 300 (sec)</font>
<br><font size=2 face="sans-serif"> Verify return code: 0
(ok)</font>
<br><font size=2 face="sans-serif">---</font>
<br><font size=2 face="sans-serif">read:errno=0</font>
<br><font size=2 face="sans-serif">gvm@endor:~/Temp/PYSSL> </font>
<br>
<br>
<br><font size=2 face="sans-serif">Thanks,</font>
<br><font size=2 face="sans-serif">Geert</font>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>Michael Ströder <michael@stroeder.com></b></font>
<br><font size=1 face="sans-serif">Sent by: python-ldap-dev-bounces@lists.sourceforge.net</font>
<p><font size=1 face="sans-serif">10/17/2006 06:18 PM</font>
<td><font size=1 face="Arial"> </font>
<br><font size=1 face="sans-serif"> To:
geert.van.muylem@utimaco.be</font>
<br><font size=1 face="sans-serif"> cc:
python-ldap-dev@lists.sourceforge.net</font>
<br><font size=1 face="sans-serif"> Subject:
Re: SSL and AD</font></table>
<br>
<br>
<br><font size=2><tt>geert.van.muylem@utimaco.be wrote:<br>
><br>
> Strange things are happening: It sometimes works.<br>
</tt></font>
<br><font size=2><tt>Hmm, this kind of error we all like most... ;-)<br>
</tt></font>
<br><font size=2><tt>> I can sometime make an<br>
> ssl connection with client authentication,<br>
> search for some entries,,,<br>
</tt></font>
<br><font size=2><tt>Could you please verify that your connection always
works on<br>
command-line without python-ldap?<br>
</tt></font>
<br><font size=2><tt>openssl s_client ...<br>
</tt></font>
<br><font size=2><tt>Ciao, Michael.<br>
</tt></font>
<br><font size=2><tt>-------------------------------------------------------------------------<br>
Using Tomcat but need to do more? Need to support web services, security?<br>
Get stuff done quickly with pre-integrated technology to make your job
easier<br>
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo<br>
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642<br>
_______________________________________________<br>
Python-LDAP-dev mailing list<br>
Python-LDAP-dev@lists.sourceforge.net</tt></font>
<br><font size=2><tt>https://lists.sourceforge.net/lists/listinfo/python-ldap-dev</tt></font>
<br>