Hi All,

I'm trying to connect to an Active Directory (Win 2000 server) using SSL (with client authentication).
The primary goal is doing that by using python-ldap (on a SuSE 10.1 environment).
However, I get a strange situation here: it "sometimes" works.

After some hints from the python-ldap mailing list, I tested the SSL connection with openssl, and guess what... the same result: it sometimes works.

SuSE 10.1
OpenSSL: 0.9.8a-16

I've tried with another version of openssl (0.9.7l) but with the same result.
I've also tried both versions of openssl on Windows and Fedora Core 3 with success!

Anyone any idea?

Thanks in advance,

In the event viewer: directory service: ldap interface events -> 5

date:
Source: NTDS LDAP
Time
Category: (16)
Type: warning
Event ID:1216
The LDAP server closed a socket to a client because of an error condition, 87

Here is the output of my openssl commands.

-> If it does not work:

openssl s_client -connect 192.168.1.5:636 -CAfile /home/gvm/Temp/PYSSL/rootca.pem -cert /home/gvm/Temp/PYSSL/endor-crt.pem -key /home/gvm/Temp/PYSSL/endor-key.pem
CONNECTED(00000003)
depth=1 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
verify return:1
depth=0 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be
verify return:1
15313:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

-> If it does work:

openssl s_client -connect 192.168.1.5:636 -CAfile /home/gvm/Temp/PYSSL/rootca.pem -cert /home/gvm/Temp/PYSSL/endor-crt.pem -key /home/gvm/Temp/PYSSL/endor-key.pem
CONNECTED(00000003)
depth=1 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
verify return:1
depth=0 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be
verify return:1
---
Certificate chain
 0 s:/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be
   i:/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
---
Server certificate
subject=/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be
issuer=/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
---
Acceptable client certificate CA names
/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Freemail CA/emailAddress=personal-freemail@thawte.com
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Premium CA/emailAddress=personal-premium@thawte.com
/C=US/O=First Data Digital Certificates Inc./CN=First Data Digital Certificates Inc. Certification Authority
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Basic CA/emailAddress=personal-basic@thawte.com
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root
/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=EOWYN CA
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Root
---
SSL handshake has read 3261 bytes and written 1781 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 830A000079AD969762D5CA1CC27D874EADB5777B7F9AF5A191900602703F0F9B
    Session-ID-ctx:
    Master-Key: 2D17CCBF98E9610A5043C5348A5551717846756EFAE04734239A1DBA6D044788D3A34E7074E108CD12D1364586B2405E
    Key-Arg   : None
    Start Time: 1161103751
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
read:errno=0
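
An added example, not part of the original post: when a handshake fails only intermittently, it helps to capture the `openssl s_client` output of many runs and reduce each transcript to comparable fields before tallying outcomes. The function names `summarize` and `tally` are hypothetical, and the two sample transcripts are constructed by abbreviating the output quoted in the post.

```python
import re
from collections import Counter

# Constructed transcripts, abbreviated from the two s_client runs in the post.
FAILED_RUN = """CONNECTED(00000003)
15313:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
"""
OK_RUN = """CONNECTED(00000003)
---
Acceptable client certificate CA names
/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Verify return code: 0 (ok)
---
"""

# Error queue line layout: pid:error:<code>:<library>:<function>:<reason>:<file>:<line>:
ERR = re.compile(r"^\d+:error:([0-9A-F]{8}):[^:]*:([^:]*):([^:]*):", re.M)
CA_BLOCK = re.compile(r"^Acceptable client certificate CA names\n(.*?)^---", re.M | re.S)

def summarize(transcript):
    """Reduce one s_client transcript to the fields worth comparing across runs."""
    def field(pattern):
        m = re.search(pattern, transcript, re.M)
        return m.group(1) if m else None
    err, cas = ERR.search(transcript), CA_BLOCK.search(transcript)
    protocol = field(r"^\s*Protocol\s*:\s*(\S+)")
    bits = field(r"^Server public key is (\d+) bit")
    return {
        "handshake_ok": err is None and protocol is not None,
        "error": err.groups() if err else None,   # (code, function, reason)
        "protocol": protocol,
        "cipher": field(r"^\s*Cipher\s*:\s*(\S+)"),
        "key_bits": int(bits) if bits else None,
        "verify_code": field(r"Verify return code: (\d+)"),
        "client_ca_names": sum(l.startswith("/") for l in cas.group(1).splitlines()) if cas else 0,
    }

def tally(transcripts):
    """Turn 'it sometimes works' into counts per outcome over many runs."""
    runs = map(summarize, transcripts)
    return dict(Counter("ok" if s["handshake_ok"] else
                        "fail: " + (s["error"][2] if s["error"] else "no session") for s in runs))
```

Feeding `tally` the saved output of repeated runs from each client platform gives a per-platform failure rate, and the `summarize` fields show whether the successful and failing runs differ in anything other than the error line.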