[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: More on TLS problems

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: More on TLS problems
From: kunkee@neosoft.com (Randy Kunkee)
Date: Fri, 1 Sep 2000 22:34:52 -0500 (CDT)
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <4.3.2.7.0.20000901140928.00b7fa10@router.boolean.net> from "Kurt D. Zeilenga" at "Sep 1, 2000 02:29:34 pm"

> Well, I found and fixed a number of problems:
> 	ldaps:// was catching SSL_Connect failure
> 	ldaps:// was not connecting on appropriate port
> 	SSL_connect was being called with SSL_VERIFY_PEER
> 	  even when disabled
> 
> Both ldaps:// and StartTLS appear to be working fine
> now for all devel client tools.
> 
> StartTLS error handling/reporting is a bit odd.  I
> may tune this later.
> 
> Please test these changes so we can kick out a 2.0.1.
> 
> Kurt
> 
> 

I've built the OpenLDAP head branch with OpenSSL and CYRUS-SASL.
One thing that slowed me down quite a bit was that 'make ldbm'
in the tests directory failed on test001-slapadd.  This is due
to the following at the top of ldapsearch.out:

    TLS: PRNG has not been seeded with enough data

which is due to not having a ~/.rnd file, since my operating system
(Alpha OSF) does not have a /dev/urandom device.  I was hoping the
above changes fixed this, but they have not.

Since the tools use -x, and there is no -Z option being passed to
ldapsearch, can the attempt to open this file be prevented, or is
is really necessary?

Randy

Follow-Ups:
- Re: More on TLS problems
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Re: More on TLS problems
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: RE: [Re: C++ Libraries]
Next by Date: Re: More on TLS problems
Index(es):
- Chronological
- Thread