
OpenLDAP clients dump core in SSL mode (ITS#889)



Full_Name: Del
Version: 2.0.7
OS: Linux (RH6.2, Kernel 2.2.16)
URL: 
Submission from: (NULL) (203.96.111.201)


The following command core dumps:

ldapsearch -H ldaps://<servername>/ -x

This dumps core regardless of whether the server is an OpenLDAP 2.0.7
server running in SSL mode (slapd -h "ldap:/// ldaps:///") or an NDS
server also set up for SSL mode.

A command line openssl connection to the LDAP server on port 636
appears to work OK, and shows a trace of certificates and certificate
issuers.

... following the debug output of the slapd server, it appears that
the connection gets started OK, and almost completes OK.  I see messages
like these (trimming out the hex dump scribble):

TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11

TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=1024, written=1024

TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
tls_read: want=5, got=5

TLS trace: SSL_accept:SSLv3 read client key exchange A
tls_read: want=5, got=5

TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
tls_write: want=51, written=51

TLS trace: SSL_accept:SSLv3 flush data
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
tls_read: want=5, got=0

ldap_read: want=1, got=0

ber_get_next on fd 8 failed errno=0 (Success)
connection_read(8): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=8 for close
connection_close: conn=0 sd=8
daemon: removing 8
tls_write: want=29, written=29

TLS trace: SSL3 alert write:warning:close notify
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL

... and at this point the client dies with no output.

ldappasswd also dumps core on ldaps, but works fine in -ZZ
mode.  When run in ldaps mode it doesn't appear to write a
password.  In -ZZ mode it does.

Also, Julio Sanchez Fernandez wrote:

> It seems to fail in ldap_int_sasl_external in cyrus.c, possibly
> because ld_defconn is garbage.
> 
> But I don't quite understand why it is trying to do an external
> sasl bind, if that is what it is doing...
> 
> Use of -Y does not seem to have any effect.

Del
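
Added example (not part of the original report and not OpenLDAP code): a small triage script for a slapd debug trace like the one quoted above. It checks whether the server side finished the TLS handshake and whether the peer then closed without sending any data, which separates a handshake failure from a client that dies after the handshake. It assumes the log covers a single connection; the function name and result keys are hypothetical.

```python
import re

# Constructed sample: lines copied from the slapd trace quoted in the report,
# with the daemon/select noise and blank lines dropped.
SAMPLE = """\
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server done A
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write finished A
connection_read(8): checking for input on id=0
ber_get_next
tls_read: want=5, got=0
ber_get_next on fd 8 failed errno=0 (Success)
connection_read(8): input error=-2 id=0, closing.
"""

TLS_READ = re.compile(r"tls_read: want=(\d+), got=(\d+)")

def triage(log_text):
    """Summarise one connection's slapd debug trace (single-connection logs only)."""
    r = {"handshake_done": False, "eagain_retries": 0,
         "post_handshake_bytes": 0, "peer_eof": False}
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("tls_read:") and "Resource temporarily unavailable" in line:
            r["eagain_retries"] += 1          # non-blocking read, retried later
        elif line == "TLS trace: SSL_accept:SSLv3 write finished A":
            r["handshake_done"] = True        # server's last handshake message
        elif r["handshake_done"] and (m := TLS_READ.match(line)):
            got = int(m.group(2))             # raw bytes read from the socket
            r["post_handshake_bytes"] += got
            r["peer_eof"] = r["peer_eof"] or got == 0
    if not r["handshake_done"]:
        r["verdict"] = "TLS handshake did not complete"
    elif r["peer_eof"] and r["post_handshake_bytes"] == 0:
        r["verdict"] = "peer closed after handshake without sending any data"
    else:
        r["verdict"] = "traffic seen after handshake"
    return r

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the trace in this report the verdict points at the client side: the handshake finishes, the one read error is a retried non-blocking read, and the first post-handshake read returns 0 bytes.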