Re: "error in SSLv3 flush data" when connecting from network



Quanah Gibson-Mount <quanah@stanford.edu> writes:
> The libraries compiled against GnuTLS are:
> 
> :/usr/lib> ldd libldap.so.2.0.130
          ...
>         libgnutls.so.11 => /usr/lib/libgnutls.so.11 (0xa7e57000)

However, the Debian etch slapd and ldap utilities, such as ldapsearch,
don't use this library.  It's only some other things that do so, such
as samba.  slapd and ldap* use libldap[_r]-2.3 instead, which appears
to not be using gnutls.

> The problem comes when the user ID running slapd, and the user ID
> handling other things that load /usr/lib/libldap.so.* are the same,
> whether that is root or the ldap user.    As soon as both sets of
> libraries get loaded into the same user space, problems ensue.

I stopped all services that were using libldap*, then started the
compiled slapd (with -u openldap anyway, and nothing else runs as that
user, though I'm not certain the libraries aren't opened before it
switches privileges), and still I had the same symptom.  (And my
compiled slapd is also believed to not use gnutls; it doesn't use
libldap anyway.)

I therefore don't see any evidence that the problem is really
gnutls-related.  That you can't reproduce it doesn't quite help;
you've compiled almost everything yourself.

You think I should also try to gradually compile things myself, trying
to locate which library causes the problem?  Needless to say I'd
prefer a simpler investigation path, if one exists.

A Debian bug reporting similar behaviour was filed two days ago:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412706.  I'll add my
experience there.
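
Whether GnuTLS and OpenSSL end up in the same slapd process, including anything opened before the privilege switch, can be read from that process's `/proc/<pid>/maps` on Linux rather than inferred from `ldd`. The script below is an added example, not part of the original message; the library name patterns and the sample map lines are constructed assumptions.

```python
import re
import sys
from collections import defaultdict

# Assumed file-name patterns; adjust for the distribution being checked.
FAMILIES = {
    "gnutls": re.compile(r"^libgnutls"),
    "openssl": re.compile(r"^lib(ssl|crypto)\.so"),
    "ldap": re.compile(r"^lib(ldap|ldap_r|lber)[-.]"),
}
TLS = {"gnutls", "openssl"}

# Constructed sample in /proc/<pid>/maps format (not output from a real host).
SAMPLE_MIXED = """\
08048000-08150000 r-xp 00000000 08:01 1001 /usr/sbin/slapd
a7c00000-a7c40000 r-xp 00000000 08:01 2001 /usr/lib/libldap_r-2.3.so.0
a7d00000-a7e00000 r-xp 00000000 08:01 2002 /usr/lib/libssl.so.0.9.8
a7e57000-a7ec0000 r-xp 00000000 08:01 2003 /usr/lib/libgnutls.so.11
a7ec0000-a7ec4000 rw-p 00069000 08:01 2003 /usr/lib/libgnutls.so.11
bf800000-bf815000 rw-p 00000000 00:00 0 [stack]
"""
SAMPLE_SINGLE = "\n".join(l for l in SAMPLE_MIXED.splitlines() if "gnutls" not in l)

def mapped_files(maps_text):
    """Return the set of file paths mapped into the process."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode pathname
        if len(fields) == 6 and fields[5].startswith("/"):
            # " (deleted)" marks a library replaced on disk but still mapped.
            paths.add(fields[5].replace(" (deleted)", ""))
    return paths

def classify(maps_text):
    """Group mapped LDAP and TLS libraries by family name."""
    found = defaultdict(set)
    for path in mapped_files(maps_text):
        name = path.rsplit("/", 1)[-1]
        for family, pattern in FAMILIES.items():
            if pattern.match(name):
                found[family].add(path)
    return dict(found)

def mixed_tls(maps_text):
    """True when more than one TLS implementation is mapped into one process."""
    return len(TLS & set(classify(maps_text))) > 1

if __name__ == "__main__":
    text = open(f"/proc/{sys.argv[1]}/maps").read() if len(sys.argv) > 1 else SAMPLE_MIXED
    print(classify(text), "mixed TLS:", mixed_tls(text))
```

Run it with the slapd PID as the only argument, as root or as the user that owns the process, to inspect a live daemon instead of the sample.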