--- Begin Message ---
Dear list,
Client programs (ldapsearch, ldapadd, ldapmodify) segfault (no core!)
with any encrypted
connection to the LDAP server.
The possible bug is very similar to ITS #889
OpenLDAP 2.0.13 & 2.0.14
OS: Linux (Suse 7.2)
- make test works
(slapd -d -1 -h "ldap:/// ldaps:///")
- ldapsearch -H ldap:/// -x works
- ldapsearch -H ldap:/// -I works via SASL/GSSAPI + Kerberos V
- ldapsearch -H ldap:/// -x -Z Segmentation fault
- ldapsearch -H ldap:/// -x -ZZ Segmentation fault
- ldapsearch -H ldaps:/// -x Segmentation fault
( - ldapsearch -H ldaps:/// -x -Z Segmentation fault
- ldapsearch -H ldaps:/// -x -ZZ Segmentation fault )
Debug output (without long HEX code = ...)
daemon: activity on 1 descriptors
daemon: new connection on 10
daemon: conn=0 fd=10 connection from IP=127.0.0.1:33818 (IP=:: 31746)
accepted.
daemon: added 10r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
...
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=970, written=970
...
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5, got=5
0000: 16 03 01 00 86 .....
tls_read: want=134, got=134
...
TLS trace: SSL_accept:SSLv3 read client key exchange A
tls_read: want=5, got=5
0000: 14 03 01 00 01 .....
tls_read: want=1, got=1
0000: 01 .
tls_read: want=5, got=5
0000: 16 03 01 00 28 ....(
tls_read: want=40, got=40
...
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
tls_write: want=51, written=51
...
TLS trace: SSL_accept:SSLv3 flush data
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
tls_read: want=5, got=0
ldap_read: want=1, got=0
ber_get_next on fd 10 failed errno=0 (Success)
connection_read(10): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
daemon: removing 10
conn=-1 fd=10 closed
tls_write: want=29, written=29
0000: 15 03 01 00 18 1d 26 2b 23 de 12 72 00 50 18 8b
......&+#..r.P..
0010: 03 a1 e8 6a 1c 1f 5a 96 a3 d2 81 2c 15
...j..Z....,.
TLS trace: SSL3 alert write:warning:close notify
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
I use openssl-0.9.6b, cyrus-sasl-1.5.24 and krb5-1.2.2.
All packages seem to work for their own and with Kerberos.
Has anybody encountered the same problem?
I couldn't find an appropriate patch. Have I missed it?
TIA,
Timm Essigke
--- End Message ---