recompile breaks tls
I recompiled OpenLDAP and the only thing I changed is --prefix when I ran
./configure. Now it points to /opt/openldap-2.0.7-1. As far as I can tell
everything builds and installs correctly.

However, when I run it the slaves (also running the new version) can no
longer accept TLS-encrypted replication. Even though the slaves say that
they can't accept the TLS, I can use "ldapsearch -ZZ" against the slave and
it works fine. If I revert just the slave back to the old version
installed in /usr/local (the master is still the new version) it works, so
I don't think it's a configuration issue.

The errors from running "-d -1" on the slave are:
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 7r
daemon: read activity on 7
connection_get(7)
connection_get(7): got connid=3
connection_read(7): checking for input on id=3
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=7
0000: 30 05 02 01 02 42 00 0....B.
tls_read: want=4, got=0
TLS: can't accept.
connection_read(7): TLS accept error error=-1 id=3, closing
connection_closing: readying conn=3 sd=7 for close
connection_close: conn=3 sd=7
daemon: removing 7
adam.
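
An added example, not part of the original post: a small decoder for the first bytes a server reads where it expects a TLS handshake. Run on the 7 bytes in the tls_read dump above, it reports a plaintext LDAP UnbindRequest (message ID 2) rather than a TLS record. The function names and the TLS sample in the test are constructed for illustration.

```python
# Added example: classify the first bytes read on a socket where a TLS
# handshake is expected. Only TLS records (SSLv3 and later) and
# BER-encoded LDAPMessages are recognised; everything else is "unknown".

# TLS record content types (first byte of every TLS record)
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

# LDAP protocolOp tag numbers (APPLICATION class), from RFC 4511
LDAP_OPS = {0: "BindRequest", 2: "UnbindRequest",
            3: "SearchRequest", 23: "ExtendedRequest"}


def read_len(buf, i):
    """Decode a BER definite length at buf[i]; return (length, next_index)."""
    first = buf[i]
    if first < 0x80:                      # short form
        return first, i + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n


def classify(buf):
    """Describe what the peer sent first: a TLS record, LDAP, or unknown."""
    if len(buf) >= 3 and buf[0] in TLS_CONTENT_TYPES and buf[1] == 0x03:
        return "tls:" + TLS_CONTENT_TYPES[buf[0]]
    try:
        if buf[0] != 0x30:                # LDAPMessage ::= SEQUENCE
            return "unknown"
        _, i = read_len(buf, 1)
        if buf[i] != 0x02:                # messageID ::= INTEGER
            return "unknown"
        n, i = read_len(buf, i + 1)
        msgid = int.from_bytes(buf[i:i + n], "big")
        tag = buf[i + n]                  # protocolOp identifier octet
        if tag & 0xC0 != 0x40:            # must be APPLICATION class
            return "unknown"
        num = tag & 0x1F
        return "ldap:%s msgid=%d" % (LDAP_OPS.get(num, "op%d" % num), msgid)
    except (IndexError, ValueError):
        return "unknown"


# The 7 bytes from the "tls_read: want=11, got=7" line in the trace above.
TRACE_BYTES = bytes.fromhex("30050201024200")

if __name__ == "__main__":
    print(classify(TRACE_BYTES))
```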