I wrote:
A tls connection between a client and a 2.3.30 slapd hangs while the
server is giving the certificate; but this does not happen if the
server is run with -d 2 or higher, or if the client is the server
itself.
My slapd is the Debian-etch-packaged 2.3.30.
Quanah Gibson-Mount <quanah@stanford.edu> replied:
Problems with SSL on Debian are well known, and it is due to the fact
that they long ago patched OpenLDAP 2.1 to compile against GnuTLS
Thanks for the information. I downloaded and compiled 2.3.32 and I
have exactly the same symptom. I used
./configure --with-tls
and had to install package libssl-dev for it to work.
Could it be a dependency on a Debian shared library? While
investigating whether this is the case with gnutls, I found out that
the slapd package does depend on the libgnutls package, but I can't
find the library dependence using ldd, and when I try "lsof|grep
gnutls", slapd (the Debian slapd) isn't listed there (I can see slapd
if I run "lsof|grep libssl). So either the Debian slapd does not
actually use gnutls, or I don't know what's going on here (which is
very likely).