
Re: TLS/SSL altNames [was: SSL certificates, kerberos keytabs, and load balancing]



On Tue, 13 Apr 2004, Medievalist wrote:

> Damnation!  Thanks Kirk, you just saved me a small headache that was scheduled 
> for next week.

Glad to hear it.

> Hmmm... looking at the bug reports, isn't this another side effect of Red Hat 
> shipping an obsolete, known-to-be-buggy OpenLDAP package?  P'raps nss_ldap is 
> using the OpenLDAP libraries and inheriting the bug?

I encountered the problem first hand *after* having upgraded the
OpenLDAP libraries on an nss_ldap box to OL 2.1.25. Also, I would
expect a client problem with certificates to be due to bad OpenSSL,
not OpenLDAP, libs.

Of course...

% ldd /usr/lib/libnss_ldap.so
        libdl.so.2 => /lib/libdl.so.2 (0x401f1000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x401f5000)
        libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)

...it appears that the stock RH9 nss_ldap is not using shared
OpenLDAP *or* OpenSSL libs, so a rebuild of nss_ldap from the source
RPM after upgrading both may fix things.

-- 
Kirk Turner-Rustin
Information Systems
Ohio Wesleyan University
http://www.owu.edu
ktrustin@owu.edu
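
Added example, not part of the original message: a small shell check that reads `ldd` output and reports which of the OpenLDAP/OpenSSL libraries a module does not load as shared objects, run here on the output quoted above and on a constructed "rebuilt" sample. The function names, the watch list and the library versions in the second sample are assumptions made for illustration.

```shell
#!/bin/sh
# Reads `ldd` output on stdin and prints the watched libraries that are NOT
# listed as shared dependencies. For a module that must speak LDAP over TLS,
# an absent library means its code was linked in statically, so upgrading the
# system package does not change what the module runs.
missing_shared_libs() {
    ldd_out=$(cat)
    missing=""
    for lib in libldap liblber libssl libcrypto; do
        # Accept versioned and variant names: libldap.so.2, libldap_r.so.2,
        # libldap-2.4.so.2
        if ! printf '%s\n' "$ldd_out" | grep -Eq "^[[:space:]]*${lib}[._-]"; then
            missing="${missing:+$missing }$lib"
        fi
    done
    printf '%s\n' "$missing"
}

# ldd output quoted in the message above (stock RH9 nss_ldap).
sample_rh9_ldd() {
    cat <<'EOF'
        libdl.so.2 => /lib/libdl.so.2 (0x401f1000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x401f5000)
        libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
EOF
}

# Constructed sample: what a rebuild against shared libraries could look like.
sample_rebuilt_ldd() {
    cat <<'EOF'
        libldap.so.2 => /usr/lib/libldap.so.2 (0x00000000)
        liblber.so.2 => /usr/lib/liblber.so.2 (0x00000000)
        libssl.so.4 => /lib/libssl.so.4 (0x00000000)
        libcrypto.so.4 => /lib/libcrypto.so.4 (0x00000000)
        libc.so.6 => /lib/tls/libc.so.6 (0x00000000)
EOF
}

echo "stock RH9 sample, not shared: $(sample_rh9_ldd | missing_shared_libs)"
echo "rebuilt sample, not shared:   $(sample_rebuilt_ldd | missing_shared_libs)"
# On a real host: ldd /usr/lib/libnss_ldap.so | missing_shared_libs
```

An empty result means all four libraries resolve through the dynamic linker, so a package upgrade of OpenLDAP or OpenSSL reaches the module without a rebuild.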