
(ITS#4082) TLS broken in OPENLDAP_REL_ENG_2_3_10?



Full_Name: Kevin Spicer
Version: OPENLDAP_REL_ENG_2_3_10
OS: linux
URL: 
Submission from: (NULL) (198.178.236.10)


I can't seem to get TLS working in OPENLDAP_REL_ENG_2_3_10. My TLS configuration,
as shown below, is unchanged from its configuration in 2.2.19:

TLSCipherSuite HIGH:+TLSv1:+SSLv2:+SSLv3
TLSCACertificateFile /usr/local/etc/openldap/certs/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/certs/laptop.slapd-cert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/certs/laptop.slapd-key.pem

Both 2.2.19 and 2.3.10 are linked against openssl 0.9.7 - from the output of
ldd...
libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0xb7edc000)

When attempting to start slapd I get the following on 2.3.10 ...
$ libexec/slapd -d 1 -u ldap -g ldap  -h "ldap:// ldaps://"
@(#) $OpenLDAP: slapd 2.3.10 (Oct 12 2005 15:12:00) $
        root@laptop:/home/kevins/openldap-2.3.10cvs/servers/slapd
daemon_init: listen on ldap://
daemon_init: listen on ldaps://
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap://)
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldap://
ldap_url_parse_ext(ldaps://)
daemon: TLS not configured (ldaps://)
slapd stopped.
connections_destroy: nothing to destroy.

However this works fine with 2.2.19.  slapd from 2.3.10 starts normally if
called without ldaps://, however the StartTLS functionality doesn't work,
i.e.
$ libexec/slapd -u ldap -g ldap  -h "ldap://"; 
$ bin/ldapsearch -ZZ
ldap_start_tls: Connect error (-11)

Again this works correctly on 2.2.19.  I have checked the appropriate man pages
but I can't see any obvious change that may have caused this.
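Added example (not part of the ITS report or of OpenLDAP itself): a POSIX shell script that checks the three files named by the TLSCACertificateFile / TLSCertificateFile / TLSCertificateKeyFile directives above, plus the TLSCipherSuite string, with the openssl CLI before blaming slapd for "TLS not configured". It verifies that the server certificate chains to the CA file, that the private key actually belongs to the certificate, that every file is readable, and whether the linked libssl accepts the cipher string. The demo PKI it generates in a temporary directory is constructed here for illustration; the file names mirror the report's but are assumptions, and the script assumes an `openssl` binary on PATH.

```shell
#!/bin/sh
# Sanity checks for slapd TLS material. Added example, not OpenLDAP code.
# Each check is a function returning 0 on success so it can be scripted.

# 0 if certificate $2 verifies against CA bundle $1 (what TLSCACertificateFile
# and TLSCertificateFile must agree on), 1 otherwise.
tls_cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if the public key inside certificate $1 equals the public half of private
# key $2 (TLSCertificateFile vs TLSCertificateKeyFile), 1 otherwise.
tls_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the linked libssl accepts the TLSCipherSuite string and it selects at
# least one cipher, 1 otherwise ("Error in cipher list").
tls_cipher_string_ok() {
    openssl ciphers "$1" >/dev/null 2>&1
}

# Runs every check; prints the first thing wrong with each, returns 1 on any
# failure. Readability is tested as the *current* user: run this as the account
# given to slapd -u if you want the same view slapd has after dropping privileges.
slapd_tls_check() {
    ca=$1; cert=$2; key=$3; ciphers=$4; rc=0
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "unreadable or missing: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    tls_cert_chains_to_ca "$ca" "$cert" || { echo "cert does not verify against CA $ca"; rc=1; }
    tls_key_matches_cert "$cert" "$key" || { echo "private key $key does not match $cert"; rc=1; }
    tls_cipher_string_ok "$ciphers" || { echo "cipher string rejected: $ciphers"; rc=1; }
    return "$rc"
}

# Constructed demo PKI in directory $1: a CA, a leaf cert signed by it, an
# unrelated CA and an unrelated key, so both the good and the bad cases can be shown.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" >/dev/null 2>&1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=unrelated CA" \
        -keyout "$d/otherca-key.pem" -out "$d/othercacert.pem" >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=laptop" \
        -keyout "$d/laptop.slapd-key.pem" -out "$d/laptop.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$d/laptop.csr" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -CAcreateserial -out "$d/laptop.slapd-cert.pem" >/dev/null 2>&1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other-key.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    make_demo_pki "$d"
    echo "== matching CA, cert and key =="
    slapd_tls_check "$d/cacert.pem" "$d/laptop.slapd-cert.pem" "$d/laptop.slapd-key.pem" HIGH && echo OK
    echo "== key that does not belong to the cert =="
    slapd_tls_check "$d/cacert.pem" "$d/laptop.slapd-cert.pem" "$d/other-key.pem" HIGH || echo FAILED
    echo "== cert issued by a different CA than TLSCACertificateFile =="
    slapd_tls_check "$d/othercacert.pem" "$d/laptop.slapd-cert.pem" "$d/laptop.slapd-key.pem" HIGH || echo FAILED
    # The report's own cipher string; whether it parses depends on the libssl
    # version, which is exactly why it is worth asking the linked library.
    if tls_cipher_string_ok 'HIGH:+TLSv1:+SSLv2:+SSLv3'; then
        echo "this libssl accepts HIGH:+TLSv1:+SSLv2:+SSLv3"
    else
        echo "this libssl rejects HIGH:+TLSv1:+SSLv2:+SSLv3"
    fi
    rm -rf "$d"
}

demo
```

Point the four arguments of `slapd_tls_check` at the real paths from slapd.conf and run it as the `-u` user; a clean run narrows the problem to slapd or the listener URL rather than the certificate material.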