
Re: (ITS#4082) TLS broken in OPENLDAP_REL_ENG_2_3_10?



On Wed, 2005-10-12 at 18:04 +0100, Howard Chu wrote:
> HEAD/RE23 works for me. Run ldapsearch with -d7 and/or slapd with -d7
> and see what problems are encountered.

Here's output from ldapsearch -d7 -ZZ
#### START ##########
ldap_create
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 127.0.0.1:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush: 31 bytes to sd 3
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
ldap_write: want=31, written=31
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
ldap_result ld 0x807fdc0 msgid 1
ldap_chkResponseList ld 0x807fdc0 msgid 1 all 1
ldap_chkResponseList returns ld 0x807fdc0 NULL
wait4msg ld 0x807fdc0 msgid 1 (infinite timeout)
wait4msg continue ld 0x807fdc0 msgid 1 all 1
** ld 0x807fdc0 Connections:
* host: 127.0.0.1  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Oct 12 20:15:23 2005

** ld 0x807fdc0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x807fdc0 Response Queue:
   Empty
ldap_chkResponseList ld 0x807fdc0 msgid 1 all 1
ldap_chkResponseList returns ld 0x807fdc0 NULL
ldap_int_select
read1msg: ld 0x807fdc0 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
  0000:  30 0c 02 01 01 78 07 0a                            0....x..
ldap_read: want=6, got=6
  0000:  01 00 04 00 04 00                                  ......
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x807fdc0 msgid 1 message type extended-result
ber_scanf fmt ({eaa) ber:
read1msg: ld 0x807fdc0 0 new referrals
read1msg:  mark request completed, ld 0x807fdc0 msgid 1
request done: ld 0x807fdc0 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_extended_result
ber_scanf fmt ({eaa) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_perror
ldap_start_tls: Connect error (-11)

####  END ####

And here's the output from slapd running with -d7 at the time of running
the above command...

##### START #####

connection_get(26)
connection_get(26): got connid=3
connection_read(26): checking for input on id=3
ber_get_next
ldap_read: want=8, got=8
  0000:  30 1d 02 01 01 77 18 80                            0....w..
ldap_read: want=23, got=23
  0000:  16 31 2e 33 2e 36 2e 31  2e 34 2e 31 2e 31 34 36   .1.3.6.1.4.1.146
  0010:  36 2e 32 30 30 33 37                               6.20037
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 26 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({m) ber:
do_extended: oid=1.3.6.1.4.1.1466.20037
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 26
  0000:  30 0c 02 01 01 78 07 0a  01 00 04 00 04 00         0....x........
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 78 07 0a  01 00 04 00 04 00         0....x........
connection_get(26)
connection_get(26): got connid=3
connection_read(26): checking for input on id=3
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=0

TLS: can't accept.
connection_read(26): TLS accept error error=-1 id=3, closing
connection_closing: readying conn=3 sd=26 for close
connection_close: conn=3 sd=26
##### END #####

=================================================================

BMRB 
http://www.bmrb.co.uk