extrange problem with ldapsearch

["Pablo J Royo" <royop@tb-solutions.com>]

Hello

I have a curious problem with OpenLDAP when I download a CRL from a LDAP using ldapsearch. I can download some CRLs but no others, althought using other software (Softerra) I can also download problematic CRLs. When the error happens, CRLs are cut to 25 bytes.
The problem happens with last version of OpenLdap, but also with an old 2.0.11 version.
I´m sure CRLs are correct, because they are from an official organization. (well, I think so...)

This is the line I use to test the problem:

ldapsearch -v -t -x -P 2 -D 'cn=XXXXX' -w XXXXX -b "OU=blah,OU=blah..." -h ldap.host.com -p 389 'cn=CRL2001' certificateRevocationList

This is the CRL (which seems Ok) that gives problems (obtained with Softerra browser):

-----BEGIN X509 CRL-----
MIIDcTCCAtoCAQEwDQYJKoZIhvcNAQEFBQAwNjELMAkGA1UEBhMCRVMxDTALBgNV
BAoTBEZOTVQxGDAWBgNVBAsTD0ZOTVQgQ2xhc2UgMiBDQRcNMDUwNjAyMTQxOTU4
WhcNMDUwNjAzMTQxOTU4WjCCAdowPQIEPIJCARcNMDUwNTMwMTIxMjQxWjAmMAoG
A1UdFQQDCgEBMBgGA1UdGAQRGA8yMDA1MDUzMDEyMTAyOFowPQIEPIJCJxcNMDUw
NTI0MTAwODQ3WjAmMAoGA1UdFQQDCgEBMBgGA1UdGAQRGA8yMDA1MDUyNDEwMDQ1
NVowPQIEPIJCPRcNMDUwNTMxMDcxOTM1WjAmMAoGA1UdFQQDCgEBMBgGA1UdGAQR
GA8yMDA1MDUzMTA3MTUwMlowIwIEPIJCgxcNMDUwNTI1MDczMDAwWjAMMAoGA1Ud
FQQDCgEEMD0CBDyCQuMXDTA1MDUzMDA3MjExN1owJjAKBgNVHRUEAwoBATAYBgNV
HRgEERgPMjAwNTA1MzAwNzE4NDhaMCMCBDyCQ2cXDTA1MDUyNjA3MzcwNlowDDAK
BgNVHRUEAwoBBDAjAgQ8gkQUFw0wNTA1MzAxMTQ4MTNaMAwwCgYDVR0VBAMKAQQw
IwIEPIJEeBcNMDUwNTMwMTE0NTQzWjAMMAoGA1UdFQQDCgEEMCMCBDyCRIoXDTA1
MDUyNTA5MjE1MlowDDAKBgNVHRUEAwoBBDAjAgQ8gkSiFw0wNTA1MjQxMDQyMzRa
MAwwCgYDVR0VBAMKAQSggZEwgY4wCgYDVR0UBAMCARwwHwYDVR0jBBgwFoAUQJp2
RJd0B8SsFMsejU86RXww12EwXwYDVR0cAQH/BFUwU6BOoEykSjBIMQswCQYDVQQG
EwJFUzENMAsGA1UEChMERk5NVDEYMBYGA1UECxMPRk5NVCBDbGFzZSAyIENBMRAw
DgYDVQQDEwdDUkwyMDAygQH/MA0GCSqGSIb3DQEBBQUAA4GBAIN9d0Wq5a7megaK
583xOuokYQ7AVNFiYbqmem2Kctwh1s4ySvFVoBm6iNMZozYdEFh4NIT9NeTZStl1
p008F6arcT7bVhfQtxn5Wskr9fRgrvWen6i14SIPrRaYkirA4BVYbHI4A8mbG7Be
/RfyM6g1OHicKsFxnOxyS575ggjZ
-----END X509 CRL-----

and this is a correctly downloaded CRL with ldapsearch 

-----BEGIN X509 CRL-----
MIIE2DCCBEECAQEwDQYJKoZIhvcNAQEFBQAwNjELMAkGA1UEBhMCRVMxDTALBgNV
BAoTBEZOTVQxGDAWBgNVBAsTD0ZOTVQgQ2xhc2UgMiBDQRcNMDUwNjAyMDgwNjM2
WhcNMDUwNjAzMDgwNjM2WjCCA0EwPQIEPIGSQRcNMDUwNTI0MTkzNTMwWjAmMAoG
A1UdFQQDCgEBMBgGA1UdGAQRGA8yMDA1MDUyNDE5MzAyNFowIwIEPIGSRBcNMDUw
NTE2MDk0NjQyWjAMMAoGA1UdFQQDCgEEMCMCBDyBklIXDTA1MDUwOTE1MTkyNVow
DDAKBgNVHRUEAwoBBDAjAgQ8gZJzFw0wNTA1MDkxNTQwNDVaMAwwCgYDVR0VBAMK
AQQwIwIEPIGShxcNMDUwNTEwMTUwMzI3WjAMMAoGA1UdFQQDCgEAMCMCBDyBktUX
DTA1MDUxMzIwMjg0MFowDDAKBgNVHRUEAwoBBDA9AgQ8gZLYFw0wNTA1MTAwODIy
MzJaMCYwCgYDVR0VBAMKAQEwGAYDVR0YBBEYDzIwMDUwNTEwMDgxNzQyWjA9AgQ8
gZMoFw0wNTA1MTEwODI3NDdaMCYwCgYDVR0VBAMKAQEwGAYDVR0YBBEYDzIwMDUw
NTExMDgyMTM1WjAjAgQ8gZMrFw0wNTA1MjQxMzU1MTVaMAwwCgYDVR0VBAMKAQQw
IwIEPIGTyBcNMDUwNTEyMTMwMjMwWjAMMAoGA1UdFQQDCgEEMCMCBDyBk9YXDTA1
MDUyNTEzMDUyMFowDDAKBgNVHRUEAwoBBDA9AgQ8gZPsFw0wNTA1MTExMDM2MjJa
MCYwCgYDVR0VBAMKAQEwGAYDVR0YBBEYDzIwMDUwNTExMTAzNDMwWjA9AgQ8gZPz
Fw0wNTA1MTExMDM5MDhaMCYwCgYDVR0VBAMKAQEwGAYDVR0YBBEYDzIwMDUwNTEx
MTAzNzAxWjAjAgQ8gZQ4Fw0wNTA1MTYwOTQ3MzZaMAwwCgYDVR0VBAMKAQQwIwIE
PIGUUxcNMDUwNTEzMTk1NzU0WjAMMAoGA1UdFQQDCgEEMCMCBDyBlJAXDTA1MDUy
NDE5NTA0NlowDDAKBgNVHRUEAwoBBDAjAgQ8gZSgFw0wNTA1MDkyMDEyMzlaMAww
CgYDVR0VBAMKAQQwIwIEPIGU4xcNMDUwNTE4MjAyNDEwWjAMMAoGA1UdFQQDCgEE
MCMCBDyBlOgXDTA1MDUwOTE5MzUzOVowDDAKBgNVHRUEAwoBAKCBkTCBjjAKBgNV
HRQEAwIBQzAfBgNVHSMEGDAWgBRAmnZEl3QHxKwUyx6NTzpFfDDXYTBfBgNVHRwB
Af8EVTBToE6gTKRKMEgxCzAJBgNVBAYTAkVTMQ0wCwYDVQQKEwRGTk1UMRgwFgYD
VQQLEw9GTk1UIENsYXNlIDIgQ0ExEDAOBgNVBAMTB0NSTDE5NDKBAf8wDQYJKoZI
hvcNAQEFBQADgYEAArUm2IlqcoJdunZuvAVbX4dTDqWz1RU5ppBGozzxNNM6glWv
zGJ0F06D5jcEdBHQZesDL4h9fKtQkrm7NWqQI4f9wQr1BM3GRTKDTMCgAt0P2Xje
dtSO8lsO0j7UOaFTh5r5mZ+VuslBwRb6oGi/l+23KU7rsOB61aJQZmPqsZI=
-----END X509 CRL-----

The two CRLs are correct. The problem is with its retrieval from the LDAP.

Does somebody knows what happens?