
Re: [Fwd: TLS and slurpd]



Summary:

Apparently this is a race condition in the slurpd code
when run under an SMP 2.2.14 kernel (dual-cpu RedHat 
6.2 host).  Rebooting under a single CPU kernel gets 
rid of the error and all works fine.  I'll try to 
track this down in the slurpd code later.





Cheers, jerry

Gerald Carter wrote:
> 
> Greetings....
> 
> I'm moving this over to openldap-devel as this
> is becoming more of a "TLS support in the OpenLDAP
> code" question.
> 
> Since my last post, I have reviewed the slurpd code in HEAD
> which does not seem to have changed much.  I noted a
> few changes in libldap/tls.c, but nothing that addressed my
> current issues.
> 
> Can anyone help give me a push in the right direction?
> I know this works, but for some reason, a server with
> a seemingly identical setup as a working one will not
> use TLS for replication.
> 
> Thanks.
> 
> Cheers, jerry
> 
> Gerald Carter wrote:
> >
> > Gerald Carter wrote:
> > >
> > > > I've read several postings late last year about problems
> > > > using slurpd with the tls=[yes|critical] option on replicas.
> > > > I keep getting a
> > > >
> > > >         TLS: could not allocate default ctx
> > > >
> > > > error in the slurpd log and the connection replication fails.
> > > > Is this supposed to be working in 2.0.7?  I'll keep looking
> > > > through the code, but I wanted to run this quick question
> > > > by everyone.
> > >
> > > More information after adding some debug messages....
> > >
> > >    TLS: could not allocate default ctx.
> > >    error:140A90A1:SSL routines:SSL_CTX_new:library 
> > >        has no ciphers
> > >
> > > Now this is strange since the StartTLS command for
> > > the client tools works when querying slapd.
> >
> > After much reading on the OpenSSL API, I decided to start
> > fresh with a clean OpenLDAP 2.0.7 install (including
> > OpenSSL 0.9.6, Cyrus SASL 1.5.24, & Berkeley DB 3.1.17
> > all compiled from source).  I started a fresh RedHat 6.2
> > install in a VMware session and set it up as a
> > replica.  All works fine...including replication
> > using the StartTLS extended command.  Interesting....
> >
> > I need to find out what is making my other install fail.
> > Just an update for those who are curious.


-- 
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter@valinux.com
       http://www.samba.org/       SAMBA Team          jerry@samba.org
       http://www.plainjoe.org/                     jerry@plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )