[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: OpenLDAP segfaults when used with ssl
Hi list,
> What are we, psychic?
Sorry, I did not mind to bother you, I know by myself how annoying
a question like my own can be. It's just, I started my openldap
server with a debugging level of 256 and still all, I can see is
a segfault at the end. But don't mind that first question anymore.
In the meantime I got a bit more of an understanding of the whole
process. I was wrong in the first place mixing TLS/SSL with SASL
(thanks a lot to Shaick). And I recompiled my OpenLDAP server
using OpenSSL 0.9.6j instead of 0.9.7 (thanks Howard).
But now I receive the following error when trying to start:
/usr/libexec/slapd -u ldap -g root -f /etc/openldap/slapd.conf -d 10 -h
"ldap:/// ldaps:///"
daemon: socket() failed errno=97 (Address family not supported by
protocol)
daemon: socket() failed errno=97 (Address family not supported by
protocol)
/etc/openldap/slapd.conf: line 45: unknown directive "logfile" outside
backend info and database definitions (ignored)
TLS: could not use certificate `/etc/openldap/severcrt.pem'.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line
pem_lib.c:666
TLS: error:02001002:system library:fopen:No such file or directory
bss_file.c:245
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:247
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
ssl_rsa.c:513
main: TLS init def ctx failed: -1
slapd stopped.
connections_destroy: nothing to destroy.
To give you all (if someone is still reading) a deeper view as to how
I came that far let me tell you that I'm using the OpenLDAP SSL/TLS
Howto by Kent Soper from June 2003.
> As a general note, OpenSSL 0.9.7 doesn't work well with OpenLDAP. I don't
> know if anyone has taken the time to investigate where the compatibility
> issues are yet. I use 0.9.6 for production deployments.
Thanks again.
Maybe someone can help me now,
chris
Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte
Informationen. Wenn Sie nicht der richtige Adressat sind oder
diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte
sofort den Absender und vernichten Sie diese Mail.
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser
Mail ist nicht gestattet.
This e-mail may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this e-mail
in error) please notify the sender immediately and destroy this
e-mail. Any unauthorised copying, disclosure or distribution of the
material in this e-mail is strictly forbidden.