
Re: Problems when closing LDAPS sessions ?



Hi.

I tested again with slapd V 2.2.15 (latest version on FreeBSD stable),
with the same problem.

I still have such entries in a netstat -an on the server:

tcp4  0  37  Server.636  Client.ephemeral    LAST_ACK

One entry for each connection, and it will take some time before those
entries are removed by slapd/system (and it will generate problems if
I have lots of connections to slapd).



As I couldn't update the client, I also tried an ldapsearch on another
host, using V 2.2.15.

I didn't find how to validate the server certificate with ldapsearch,
so I couldn't reproduce the problem, but I had another one:

 1 0.000000 Client Server  TCP      3163 > ldaps [SYN] Seq=2798085305 Ack=0 Win=57344 Len=0
 2 0.000030 Server Client  TCP      ldaps > 3163 [SYN, ACK] Seq=3986325738 Ack=2798085306 Win=57344 Len=0
 3 0.000050 Client Server  TCP      3163 > ldaps [ACK] Seq=2798085306 Ack=3986325739 Win=57408 Len=0
 4 0.006459 Client Server  SSLv2    Client Hello
 5 0.009318 Server Client  TLS      Server Hello, Certificate, Server Hello Done
 6 0.010183 Client Server  TLS      Alert (Level: Fatal, Description: Unknown CA)
 7 0.011616 Server Client  TCP      ldaps > 3163 [FIN, ACK] Seq=3986326942 Ack=2798085455 Win=57401 Len=0
 8 0.011649 Client Server  TCP      3163 > ldaps [ACK] Seq=2798085455 Ack=3986326943 Win=57399 Len=0
 9 1.411796 Client Server  TCP      3163 > ldaps [FIN, ACK] Seq=2798085455 Ack=3986326943 Win=57408 Len=0
10 1.411828 Server Client  TCP      ldaps > 3163 [ACK] Seq=3986326943 Ack=2798085456 Win=57400 Len=0

Still have a strange ACK after the FIN, and if I do a netstat -an, I
have an entry like that:

tcp4       0      0  Server.636  Client.3163    TIME_WAIT


Note that those entries will be removed quite fast.



Yvan.
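
A way to tally the socket states reported in the message above, as an added example that is not part of the original post. The sample input is constructed (FreeBSD `netstat -an` layout, documentation address ranges) and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in FreeBSD `netstat -an` layout; not data from the post.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0     37 192.0.2.10.636         198.51.100.7.3160      LAST_ACK
tcp4       0     37 192.0.2.10.636         198.51.100.7.3161      LAST_ACK
tcp4       0      0 192.0.2.10.636         198.51.100.7.3163      TIME_WAIT
tcp4       0      0 192.0.2.10.636         198.51.100.8.4000      ESTABLISHED
tcp4       0      0 192.0.2.10.389         198.51.100.8.4001      ESTABLISHED
tcp4       0      0 *.636                  *.*                    LISTEN
EOF
}

# Count TCP states for sockets whose local port is $1 (default 636, ldaps).
# BSD netstat writes addresses as host.port, so the port is the last
# dot-separated component of the local address column.
ldaps_state_counts() {
    awk -v port="${1:-636}" '
        $1 ~ /^tcp/ && NF >= 6 {
            n = split($4, a, ".")
            if (a[n] == port) count[$6]++
        }
        END { for (s in count) print s, count[s] }
    ' | LC_ALL=C sort
}

# List "peer send-q" for sockets in LAST_ACK that still hold bytes in Send-Q,
# the pattern shown in the first netstat line of the message.
ldaps_pending_last_ack() {
    awk -v port="${1:-636}" '
        $1 ~ /^tcp/ && $6 == "LAST_ACK" && $3 > 0 {
            n = split($4, a, ".")
            if (a[n] == port) print $5, $3
        }
    '
}

# Demo on the constructed sample; on a live server: netstat -an | ldaps_state_counts
sample_netstat | ldaps_state_counts
sample_netstat | ldaps_pending_last_ack
```

Run periodically, a LAST_ACK count that keeps growing while ESTABLISHED stays flat indicates closes that the peer never acknowledges.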
