OpenLDAP ldapsearch connect to OID with SSL?

I can connect to LDAPS with the Oracle ldapsearch client, but not with the OpenLdap ldapsearch client. I'm using OID 10.1.4.2. Is there a way to get OpenLdap clients to connect using SSL?
The following works:
Non-SSL With Oracle ldapsearch
$OH/bin/ldapsearch -h HOST -p 3389 -D "cn=orcladmin" -w MYPASSWORD "(objectClass=person)" cn
Non-SSL With OpenLdap ldapsearch
/usr/bin/ldapsearch -x -L -h HOST -p 3389 -b "" -D "cn=orcladmin" -w MYPASSWORD "(objectClass=person)" cn
SSL With Oracle ldapsearch
$OH/bin/ldapsearch -h HOST -p 3636 -U 1 -D "cn=orcladmin" -w MYPASSWORD "(objectClass=person)" cn
The following fails - appearing to hang:
SSL With OpenLdap ldapsearch
/usr/bin/ldapsearch -x -h HOST -p 3636 -b "" -D "cn=orcladmin" -w MYPASSWORD "(objectClass=person)" cn
/usr/bin/ldapsearch -I -h HOST -p 3636 -b "" -D "cn=orcladmin" -w MYPASSWORD "(objectClass=person)" cn
I see the following in logs under $OH/ldap/log/
SSLthread:23 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed

I haven't done this myself, but looks like you want the -Z switch. Issuing the command without any parameters should print out the usage details.
-Vinod

Similar Messages

Can't connect to OID using SSL (handshake failed NZerr 29039)

Hi!
I'm trying to set up OID running on Windows Server 2003 for testing purposes.
I have downloaded the files as_windows_x86_oim_oif_101401_disk(1/2) and installed Oracle Internet Directory only.
I'm able to connect using standard clear text and using Oracle Directory Manager.
I have followed the instructions on this page (chapter 17):
[http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15991/ssl.htm]
Using Oracle Wallet Manager I have generated a certificate request with the key size of 2048.
I'm unsure what I was supposed to enter into the subject name of the request so I entered just "oid_idm", it looks like this now: "CN=oid_idm,C=US".
I then used my Novell eDirectory CA to sign the request and to generate the certificate. I exported the CA certificate from eDirectory and imported it into the wallet, it's listed under Trusted Certificates as "META-TREE", I then imported my signed certificate into the wallet and it says Certificate:Ready now.
The wallet is saved into C:\Documents and Settings\Administrator.DC-1\ORACLE\WALLETS.
Auto Login is enabled.
Using Directory Manager I right-clicked Configuration Set1 and selected "Create Like"
I configured the new set to listen on non-SSL port 1389 and SSL port 1636,
SSL Authentication: No SSL Authentication
SSL Enable: SSL only
SSL Wallet URL: file:C:\Documents and Settings\Administrator.DC-1\ORACLE\WALLETSSSL Port: 1636
Then I changed the OracleServiceORCL
to run as Administrator. Restarted the server, started the new instance (2).
Using this command on the OID server I can connect:
ldapsearch -D cn=orcladmin -w secret -U 1 -h 192.168.0.101 -p 1636 -b dc=lab -s base "objectclass=*"
Trying to connect from my Linux server using it's own ldapsearch it doesn't work, I get the error: ldap_bind: Can't contact LDAP server
Trying to connect using Apache Directory Studio or LDAP Browser\Editor also doesn't work (SSL connection).
I can see the following in the log no matter which of the tree tools above I try to use:
2008/10/12:13:01:09 * SSLthread:19 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed Source address: 192.168.0.15(WINDESK)
* (NZerr 29039)
Any ideas what I can do to solve this issue?
Thanks!

If you are using openldap commands in your linux machine, you can get some issues with OID. Try with oracle ldap client command if you have it installed in your linux machine. Also try to use a ldapbrowser java client to confirm that your installation is fine it is the better choice to test your environment from remote machines.

Problem connecting to LDAP with SSL enabled

Hi,
I'm trying to connect to Active Directory with JNDI, but I got a few problems.
I use Win2003 server, I tried the code from adler_steven (very good and works well), but I got a problem when I want to connect over TLS.
Apparently, I have to install the SSL/TLS on the machine. I tried to follow the howto http://support.microsoft.com/default.aspx?scid=kb;en-us;321051, but i got an error when i create a new certifcate :
Expected INF file section name 0xe0000000 (INF:-536870912) request.inf.
I tried differents stuff but without results.
I'm not able to install it, so when I run the code I've got the errors :
IO Exception, Problem creating object: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
It s a first time that I use the JNDI API and LDAP (Active Directory ) sorry for any incomprehension, but I really need to finish the program.
Thanks in advance
cyroul

Hi,
I'm trying to connect to Active Directory with JNDI, but I got a few problems.
I use Win2003 server, I tried the code from adler_steven (very good and works well), but I got a problem when I want to connect over TLS.
Apparently, I have to install the SSL/TLS on the machine. I tried to follow the howto http://support.microsoft.com/default.aspx?scid=kb;en-us;321051, but i got an error when i create a new certifcate :
Expected INF file section name 0xe0000000 (INF:-536870912) request.inf.
I tried differents stuff but without results.
I'm not able to install it, so when I run the code I've got the errors :
IO Exception, Problem creating object: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
It s a first time that I use the JNDI API and LDAP (Active Directory ) sorry for any incomprehension, but I really need to finish the program.
Thanks in advance
cyroul

Mail 5.0 cannot connect to imap with SSL. Broke when 10.7 lion was installed.

Install 10.7, IMAP mail is broken. Rejecting credentials. Credentials verified through browser access. So broken, and error message states reason not based in fact. Mail server SSL is required, cannot turn it off. Worked fine in right before lion install, when still running 10.6.8.

Hi, this has worked for a few...
Make a New Location, Using network locations in Mac OS X ...
http://support.apple.com/kb/HT2712
10.7 & 10.8…
System Preferences>Network, top of window>Locations>Edit Locations, little plus icon, give it a name.
10.5.x/10.6.x/10.7.x instructions...
System Preferences>Network, click on the little gear at the bottom next to the + & - icons, (unlock lock first if locked), choose Set Service Order.
The interface that connects to the Internet should be dragged to the top of the list.
For 10.5/10.6/10.7, System Preferences>Network, unlock the lock if need be, highlight the Interface you use to connect to Internet, click on the advanced button, click on the DNS tab, click on the little plus icon, then add these numbers...
208.67.222.222
208.67.220.220
Click OK.

OEL ldap client setup with SSL against OID using either ldaps or starttls

Hi, I've got OID 11.1.1.1.0 running with SSL enabled on port 3132. It's running in mode 2, SSL Server Authentication mode (orclsslauthentication is set to 32). I'd like to setup my OEL 5.3 and Solaris 10 ldap clients to connect to OID using SSL for user authentication. I have everything already working on the non-SSL port (3060), but I need to switch over to SSL. So far I can't get it to work on either OEL or Solaris. Does anyone out there know how to configure the client to use SSL?
Here's my /etc/ldap.conf file on OEL 5.3.
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
URI ldaps://FQDN:3132/
port 3132
ssl yes
host FQDN
base dc=DOMAIN,dc=com
pam_password clear
tls_cacertdir /etc/oracle-certs
tls_cacertfile /etc/oracle-certs/oid-test-ca.pem
tls_ciphers SSLv3
# filter to AND with uid=%s
pam_filter objectclass=posixaccount
#The search scope
scope sub
I have /etc/nsswitch.conf set to check for files first, then ldap
passwd: files ldap
shadow: files ldap
group: files ldap
Here's my /etc/openldap/ldap.conf file
URI ldaps://FQDN:3132/
BASE dc=DOMAIN,dc=com
TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
TLS_CIPHERS SSLv3
The oid-test-ca.pem is a self-signed cert from the OID server. I also have the hash file configured.
4224de9f.0 -> oid-test-ca.pem
I can run ldapsearch using ldaps and it works fine.
ldapsearch -v -d 1 -x -H ldaps://FQDN:3132 -b "dc=DOMAIN,dc=com" -D "cn=user,cn=users,dc=DOMAIN,dc=com" -w somepass -s sub objectclass=* | more
But when I run the 'getent passwd' command, it only shows me my local user accounts and none of my ldap accounts. I also can't SSH in using a ldap account.
Solaris 10 is actually a whole other beast...I'm using the native Solaris ldap client (not PADL based) and I don't think it even works with SSL unless you're using the default ports (389/636).
Does anyone out there know how to setup the client-side for ldap authentication using SSL? Any tips, howto docs, or advice are appreciated. Thanks!

Hello again...
after some research and work together with Oracle Support I found out how to get it to work:
1. You have to create your own ConfigSet in OID using
SSL-Server-Authentication
(OpenSSL seems not to support SSL-encryption-only).
The following link shows on how to do that:
http://otn.oracle.com/products/oid/oidhtml/oidqs/html_masters/a_port01.htm
2. Add the following lines to your $HOME/ldaprc
TLS_CACERT /home/frank/oid-caroot.pem
TLS_REQCERT allow
TLS_CIPHERS SSLv3
ssl on
tls_checkpeer no
oid-caroot.pem is the CA-Root Certificate you got
during step 1
3. you should now be able to use ldapsearch using SSL
If you still can't connect using SSL you may have run into another issue with OpenSSL which affects systems using OpenSSL version 0.9.6d and above. The problem seems to be caused by an security fix which may not be compliant with the SSL implementation of Oracle.
I opened an Bug for that problem with RedHat. This Bug Description also includes an proposal for an Patch which solves the problem (but may introduce some security risks). See the Bug at RedHat:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123849
Bye
Frank Berger

Cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.

when Update to 10.7.2 ,I cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.
OS:10.7.2
Macbook Pro 2010-mid 13inch

I also have the same problem, however if I use Firefox or Opera sites with ssl connection work fine. Still, I can't use Google Chrome (ssl), Safari (ssl), the Mac app store (generally), or the iTunes store (generally). Both the iTunes store, Safari and the app store won't respond, and Chrome displays this error: (net::ERR_TIMED_OUT). The problem persists regardless of what network I'm using. Also, when trying to access the keychain or iCloud, the process will not start (will hang). I didn't have these problems at all before updating to 10.7.2.
Sometimes rebooting helps, and sometimes not. If the problem disappears by rebooting, then it only lasts a few minutes before it reappears. It is very frustrating, especially since there doesn't seem to be any obvious or consistent way of which to fix it.
I'm also using a Macbook Pro 13-inch mid 2010.

Problem on connect to two servers with SSL

Hey all!
I've got a problem with connecting to two different servers via SSL in one Application. Every Connection works fine on its one via SSL.
But if i try to initialize a new connection it fails every time.
My thought is that the problem is the DriverManager. I'm not quite sure how this DriverManager works, but what i know is that it's a single-ton Class and with that maybe stores some parameters from the first connection which didn't get reloaded when trying to make a new connection.
Here's the way i create the connection ..
    String host="best.host.ever";
    int port="3306";
    String MYSQL_URL="jdbc:mysql://"+this.host+":"+this.port+"/";
    DBName="db_foobar";
    sqlProps = new Properties();
    sqlProps.setProperty("user","foo");
    sqlProps.setProperty("password","bar");
    sqlProps.setProperty("zeroDateTimeBehavior","convertToNull");
    sqlProps.setProperty("useSSL","true");
    System.setProperty("javax.net.ssl.trustStore", trustStore);
    System.setProperty("javax.net.ssl.trustStorePassword", "trustpass");
    System.setProperty("javax.net.ssl.keyStore", keyStore);
    System.setProperty("javax.net.ssl.keyStorePassword", "keypass");
    System.setProperty("javax.net.debug","ssl");
    printDebug("[Konstruktor] : Connecting to "+MYSQL_URL);
    try {
         Class.forName("org.gjt.mm.mysql.Driver").newInstance();
         this.conn = DriverManager.getConnection(MYSQL_URL+DBName,sqlProps);
        connectionCount++;
        initOK=true;
    //Catch stuff following...Is it possible that the System.properties i'm setting are only readed one time by the DriverManager (if it's readed by the DriverManager at all)?
So when i initialize a new Object with different System.properties they may not get used again.
Hopefully somebody has an explanation or a solution for this.
Besides: If i launch the programm twice it's no problem to have to differen SSL connections at the same time.
Thanks for reading and in advance for trying to help!

Yep, it's the standard authentication failure message. (The error code is 1045).
The Exception which is thrown is a SQLException with the message:
Access denied for user 'username'@'p54BB743D.dip.t-dialin.net' (using password: YES)
errorcode: 1045
The code i'm using runs well with one connection and even with multiple connections as long as not more than one connection are using SSL.
To explain:
The user has the possibility to run the application with a user defined data-source (the connection). You can add a new connection and the application will then add a tabbed pane with the same gui but uses the other data source then.
This runs fine with multiple connections (I managed to work on 3 differen intranet servers and 2 different servers online, one of them using SSL)
So all together 5 Connections. Now i wanted to add a 6th server with SSL two and thats the point where it crashes. (Both SSL Servers run perfect on their own with my application - only both together doesnt work).
About that: Class.forName, yes i'm using it every time when i make a new Connection. This is wrong? Could you explain why?
Anyway thanks for your answers so far!
Message was edited by:
Hotkey_ger

Error: [NQSError:13037] cannot connect to BI security service,Please make sure this is running properly (with SSL or not) in EM

Hi,
Im unable to open the RPD online getting following error.
Note: Im not done any changes. Its works good till yesterday EOD.
Error:
[NQSError:13037] cannot connect to BI security service,Please make sure this is running properly (with SSL or not) in EM.
[NQSError:37001] could not connect to the oracle BI server instance..
Kindly help me to fix this issue.

Hi,
Could you access the answer side.
Could you see the reports.
Do one thing, take a back up of NQS config file from <Oracle Location>\instance\instance1\config\obiserver folder\nqsconfig.ini file.
Copy nqs config file if you have already have a back up.
Restart the services and try once.
http://mkashu.blogspot.com
Regards,
VG

IE unable to connect to Oracle HTTP Server v10.1.2 with SSL

Hi,
I configured OHS with SSL to run APEX applications.
This configuration can be run from Mozilla browsers and Opera, but not from Internet Explorer.
I suspect that IE doesn't support 256-bit encryption, as both browser above support it. So I set several combination of SSL Cipher Suite in ssl.conf. I also set IE to use TLS v1, SSLv2, and SSLv3. But this doesn't show any results. I also found that several sites which has 256 bit encryption (read the information from Mozilla and Opera browser) can also be opened by IE (read as 128 bit encryption). So I guess the encryption is not the problem, and I move on to the Apache error_log files.
What I found from Apache's error_log.xxxx is
[error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29014 (server ---.---.com:4443, client --.--.--.--)
[error] mod_ossl: Unknown error
[error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 28864 (server ---.---.com:4443, client --.--.--.--)
[error] mod_ossl: SSL IO error [Hint: the client stop the connection unexpectedly]
So I looked in the Metalink and found Note:312041.1 and applied patch 4960210 and restart the server. But now it wouldn't start at all, despite that all configuration files were not changed.
Any help would be greatly appreciated.
Regards,
Aulia Bismar

You can use any PKCS#12 file with OHS if it includes the complete private key and certificate chain. With Oracle Wallet Manager (owm) you could also create a private key, import it, import the CA certificate as trusted certificate, create a certificate request for the private key, get the certificate response from the CA and import this.
If you use an unsual CA, ie cacert.org, you must import the CA root certificate as a trusted server certificate for IE.
--olaf

JDBC Thin Connections with SSL and client certificates

Hi ,
we are going have a look at JDBC Thin Connections with SSL and client certificates.
I have two questions:
1. Is it possible to use SSL connections from JDBC Thin Driver and which release of the driver introduced it
2. Is it possible to use client certificates with JDBC Thin Driver and which release of the driver introduced it
Thanks for your help
regards
Markus Reichert

I could not reproduce the error after appending the SSL certificate to the certdb.txt file available under $Jinitiator_Home/lib/security folder.
Steps to add the SSL Certificate:
1. Run the form with the https mode in the IE Browser.
2. Security Alert is raised.
3. Click on the View Certificate button.
4. In the Certificate Window, click on the Details tab.
5. Click on the Copy to File button to copy the certificate.
6. Copy the certificate and append to the certdb.txt file.

HT201412 I have a problem connecting to the server (SSL problem) on my new Apple ipad. I was supplied with a new ID password, but I am unable to get into my settings and email. Could someone please offer a suggestion? Thanks! A.A.

I have a problem connecting to the server (SSL problem) on my new Apple Ipad (iOS6). When submitting my Apple ID password, I am prevented from signing in to a secure connection due to an SSL problem. Any suggestions ?? Thank you!

Sounds more like you have a problem with your apple id. For starters go to that page click manage my apple id and singn in. If you can't sign in reset password.
https://appleid.apple.com
if you can sign in there, try to sign in to itunes on your computer.

Can the ACE bind (probe) to a Openldap with ssl?

We current have a unencrypted LDAP and I use the LDAP script probe from cisco for the probe.
We are moving to OPENLDAP with SSL, is there a way of binding with a probe SSL OpenLdap configured.

Hi Cecil,
It does not have a probe like that but you can create a custom TCL to accomplish this behavior. I'll recommend you to contact your Cisco Account Manager or Cisco System Engineer, they can help you with this
Cesar R
ANS Team

Getting error "Problem with SSL Certificate" but I'm connecting to my private server without SSL

I wanted to create a PDF from a subtree at a website. The first problem was that Acrobat Pro (11.0.7) wouldn't spider it (probably because there was a robot.txt file there) so I had to use SiteSucker to pull the pages down to my Mac.
Then I discovered that Acrobat Pro can't handle file:/// URLs so that was no good either
So then I copied all the pages to a folder on my Linux server where I use a non-standard port (86) for http connection as a minor security precaution.
When I tried to access that from Acrobat Pro, it bitched about a problem with SSL Certificate but gave me no option to do anything about it. More relevantly, all the files were accessible using http protocol, not https so there shouldn't have been any need to deal with SSL certificates at all
I had to temporarily enable port 80 on my apache server at which point it's now pulling all the files in and hopefully converting them.
A) We're at version 11 ---- these kinds of issues should have been fixed years ago
B) While you're at it, fix the stupid UI issue where the download dialog disappears completely if Acrobat Pro doesn't have the focus. On a long download, I'd like to be able to see progress while working on other stuff. Acrobat Pro is not the center of the universe!

Interesting point 2, I am working on a Mac plugin at the moment. It does not hide its dialogs when switching to a different app. I consider this a bug and will fix it so the dialog disappears. I hadn't considered the question of progress but there is a very strong reason to do this on the Mac.
My tests seem to show that
(a) to get a dialog to sit above PDF documents all the time, it must be on a higher "level".
(b) if a dialog is at a higher level, this is a global setting.
So, if the dialog is not hidden when switching all, it will typically sit on top of the other app's document windows. This would not be popular, as the end user, unless they have mountains of screen space and choose to use it that way, must either close or move the dialog when switching app, then bring the dialog back. So, because Acrobat Pro is not the centre of the universe, it will hide dialogs (or rather, the Mac will, as it's a standard option when creating a window).

I can't set up gmail in my iPad 2. Keep on saying ' can't connect with SSL and ask me whether to connect without using SSL, then I press 'yes' and it said again IMAP is not working and tell me to see network connection and incoming mail server.

I can't set up gmail in my iPad 2. Keep on saying ' can't connect with SSL and ask me whether to connect without using SSL, then I press 'yes' and it said again IMAP is not working and tell me to see network connection and incoming mail server. No idea how to do anymore. Already tried to figure out. But not work. Can anyone pls help me?

Nope, doesn't pass verification. I get the spinner for a minute or so, then the alert about setting it up without SSL. Are you suggesting I disable Fetch and Push BEFORE I enter the account details? Because I never get past the account details screen, unless I choose "Set up without SSL" after the warning.

Creating a TCP connection with SSL/TLS

Hi,
I am working in a application that depends on the server. I need to estabilish a TCP connection with SSL/Tls secure connection with the server in order to get the datas.
I have the following code structure :
- (id)initWithHostAddressNSString*)_host andPortint)_port
[self clean];
self.host = _host;
self.port = _port;
CFWriteStreamRef writeStream;
CFReadStreamRef readStream;
return self;
-(BOOL)connect
if ( self.host != nil )
// Bind read/write streams to a new socket
CFStreamCreatePairWithSocketToHost(kCFAllocatorDef ault, (CFStringRef)self.host, self.port, &readStream, &writeStream);
return [self setupSocketStreams];
- (BOOL)setupSocketStreams
// Make sure streams were created correctly
if ( readStream == nil || writeStream == nil )
[self close];
return NO;
// Create buffers ---- has not been released , so need to check possible ways to release in future
incomingDataBuffer = [[NSMutableData alloc] init];
outgoingDataBuffer = [[NSMutableData alloc] init];
// Indicate that we want socket to be closed whenever streams are closed
CFReadStreamSetProperty(readStream, kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
CFWriteStreamSetProperty(writeStream, kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
//Indicate that the connection needs to be done in secure manner
CFReadStreamSetProperty(readStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL);
CFWriteStreamSetProperty(writeStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL);
// We will be handling the following stream events
CFOptionFlags registeredEvents = kCFStreamEventOpenCompleted |
kCFStreamEventHasBytesAvailable | kCFStreamEventCanAcceptBytes |
kCFStreamEventEndEncountered | kCFStreamEventErrorOccurred;
// Setup stream context - reference to 'self' will be passed to stream event handling callbacks
CFStreamClientContext ctx = {0, self, NULL, NULL, NULL};
// Specify callbacks that will be handling stream events
BOOL doSupportAsync = CFReadStreamSetClient(readStream, registeredEvents, readStreamEventHandler, &ctx);
BOOL doSupportAsync1 = CFWriteStreamSetClient(writeStream, registeredEvents, writeStreamEventHandler, &ctx);
NSLog(@"does supported in Asynchrnous format? : %d :%d", doSupportAsync, doSupportAsync1);
// Schedule streams with current run loop
CFReadStreamScheduleWithRunLoop(readStream, CFRunLoopGetCurrent(), kCFRunLoopDefaultMode);
CFWriteStreamScheduleWithRunLoop(writeStream, CFRunLoopGetCurrent(), kCFRunLoopDefaultMode);
// Open both streams
if ( ! CFReadStreamOpen(readStream) || ! CFWriteStreamOpen(writeStream))
// close the connection
return NO;
return YES;
// call back method for reading
void readStreamEventHandler(CFReadStreamRef stream,CFStreamEventType eventType, void *info)
Connection* connection = (Connection*)info;
[connection readStreamHandleEvent:eventType];
// call back method for writing
void writeStreamEventHandler(CFWriteStreamRef stream, CFStreamEventType eventType, void *info)
Connection* connection = (Connection*)info;
[connection writeStreamHandleEvent:eventType];
`
As above, I have used
CFReadStreamSetProperty(readStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelSSLv3);
CFWriteStreamSetProperty(writeStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelSSLv3);
in order to make a secured connection using sockets.
The url i am using is in the format "ssl://some domain.com"
But in my call back method i am always getting only kCFStreamEventErrorOccurred for CFStreamEventType .
I also tried with the url "https://some domain.com" ,but getting the same error.
i also commented out setting kCFStreamPropertySocketSecurityLevel, but still i am receiving the same error that i mentioned above.
I dont know how it returns the same error. I have followed the api's and docs , but they mentioned the same way of creating a connection as i had given above.
I tried to get the error using the following code :
CFStreamError error = CFWriteStreamGetError(writeStream);
CFStreamErrorDomain errDomain = error.domain;
SInt32 errCode = error.error;
The value for errCode is 61 and errDomain is kCFStreamErrorDomainPOSIX. so i checked out the "errno.h", it specifies errCode as "Connection refused"
I need a help to fix this issue.
If the above code is not the right one,
**(i)how to create a TCP connection with SSL/TLS with the server.**
**(ii)How the url format should be(i.e its "ssl://" or "https://").**
**(iii)If my above code is correct where lies the error.**
I hope the server is working properly. Because I can able to communicate with the server and get the datas properly using BlackBerry and android phones. They have used SecuredConnection api's built in java. Their url format is "ssl://" and also using the same port number that i have used in my code.
Any help would be greatly appreciated.
Regards,
Mohammed Sadiq.

Hello Naxito. Welcome to the Apple Discussions!
Try the following ...
Perform a "factory default" reset of the AX
o (ref: http://docs.info.apple.com/article.html?artnum=108044)
Setup the AX
Connect to the AX's wireless network, and then, using the AirPort Admin Utility, try these settings:
AirPort tab
o Base Station Name: <whatever you wish or use the default>
o AirPort Network Name: <whatever you wish or use the default>
o Create a closed network (unchecked)
o Wireless Security: Not enabled
o Channel: Automatic
o Mode: 802.11b/g Compatible
Internet tab
o Connect Using: Ethernet
o Configure: Manually
o IP address: <Enter your college-provided IP address>
o Subnet mask: <Enter your college-provided subnet mask IP address>
o Router address: <Enter your college-provided router IP address>
o DNS servers: <Enter your college-provided DNS server(s)
o WAN Ethernet Port: Automatic
<b>Network tab
o Distribute IP addresses (checked)
o Share a single IP address (using DHCP & NAT) (enabled)

OpenLDAP ldapsearch connect to OID with SSL?

Similar Messages

Maybe you are looking for