Full_Name: Joel Kociolek
Version: latest CVS version (2000-08-14)
OS: Linux Debian potato
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.251.1.233)

I found an apparently infinite loop in slapd when using SSL/TLS authentication if ldapsearch is wrongly configured.

I'm using openldap from latest CVS (as of today 2000-08-14) and ldapsearch as a client. I followed the instructions outlined in http://www.OpenLDAP.org/lists/openldap-devel/200006/msg00107.html to create my keys and certificates, and to configure the slapd server.

For the client config, if I have TLS_CERT, TLS_KEY and TLS_CACERT in the config file, and I do an "ldapsearch -Z", everything works fine. But if I remove TLS_CACERT from the config file, then slapd seems to hang. Debugging output shows that it apparently goes into an infinite loop.

Here is the output from "slapd -d 11" when running "ldapsearch -Z uid=joko":

@(#) $OpenLDAP: slapd 2.0-devel (Mon Aug 14 17:26:48 CEST 2000) $
  joko@manchot:/home/joko/src/ldap/servers/slapd
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse(ldap:///)
daemon: socket() failed errno=22 (Invalid argument)
daemon: initialized ldap:///
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: manchot initialized!
slapd startup: initiated.
slapd starting
daemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 9
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
sockbuf_read: want=1, got=1
  0
sockbuf_read: want=1, got=1
  1d
sockbuf_read: want=29, got=29
  02 01 01 w 18 80 16 1 . 3 . 6 . 1 . 4 . 1 . 1 4 6 6 . 2 0 0 3 7
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
sockbuf_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
do_extended
ber_scanf fmt ({a) ber:
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 9
  0 0c 02 01 01 x 07 0a 01 00 04 00 04 00
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
sockbuf_write: want=14, written=14
  0 0c 02 01 01 x 07 0a 01 00 04 00 04 00
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
tls_read: want=7, got=7
  80 k 01 03 01 00 B
tls_read: want=102, got=102
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
tls_write: want=1024, written=1024
TLS trace: SSL_accept:SSLv3 write certificate A
tls_write: want=1024, written=1024
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=109, written=109
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
tls_read: want=5, got=5
  15 03 01 00 02
tls_read: want=2, got=2
  02 0
TLS trace: SSL3 alert read:fatal:unknown
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:774
connection_read(9): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=9 for close
sockbuf_read: want=4096, got=64
  0 > 02 01 02 c 9 04 00 0a 01 00 0a 01 00 02 01 00 02 01 00 01 01 00 87 0b o b j e c t c l a s s 0 19 04 17 s u p p o r t e d S A S L M e c h a n i s m s
(end)
sockbuf_read: want=4096, got=0
(end)
sockbuf_read: want=4096, got=0
(end)
sockbuf_read: want=4096, got=0
(end)
sockbuf_read: want=4096, got=0
(end)
sockbuf_read: want=4096, got=0
(end)
[...]

The same two lines are repeated ad infinitum...

Joel K.
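A triage aid for the symptom in the report above, added here as an example and not part of the original submission or of OpenLDAP: it scans slapd debug output for a connection that was marked for close yet keeps logging zero-byte sockbuf_read results, and records the TLS error that preceded it. The sample log is constructed from the lines quoted in the report; the function name and the threshold are assumptions.

```python
import re

# Constructed sample: tail of the "slapd -d 11" output quoted in the report,
# payload dumps removed, zero-byte read repeated as the report describes.
SAMPLE_LOG = """\
TLS trace: SSL3 alert read:fatal:unknown
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:774
connection_read(9): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=9 for close
sockbuf_read: want=4096, got=64
sockbuf_read: want=4096, got=0
sockbuf_read: want=4096, got=0
sockbuf_read: want=4096, got=0
sockbuf_read: want=4096, got=0
sockbuf_read: want=4096, got=0
"""

CLOSING = re.compile(r"connection_closing: readying conn=(\d+) sd=(\d+) for close")
READ = re.compile(r"sockbuf_read: want=(\d+), got=(\d+)")
TLS_ERR = re.compile(r"TLS: error:[0-9A-Fa-f]+:[^:]*:[^:]*:(.+?) \S+:\d+$")


def find_zero_read_spin(lines, threshold=3):
    """Return a finding if a connection being closed keeps reading 0 bytes.

    threshold (assumed value) is the number of consecutive zero-byte reads
    after connection_closing that is treated as a spin rather than a normal EOF.
    """
    tls_reason = None
    closing = None          # (conn, sd) once connection_closing has been seen
    run = longest = 0
    for line in lines:
        line = line.strip()
        if m := TLS_ERR.match(line):
            tls_reason = m.group(1)          # e.g. "tlsv1 alert unknown ca"
        elif m := CLOSING.match(line):
            closing = (int(m.group(1)), int(m.group(2)))
            run = 0
        elif (m := READ.match(line)) and closing:
            # Dump lines and "(end)" markers are ignored; only reads count.
            run = run + 1 if int(m.group(2)) == 0 else 0
            longest = max(longest, run)
    if closing and longest >= threshold:
        return {"conn": closing[0], "sd": closing[1],
                "zero_reads": longest, "tls_reason": tls_reason}
    return None
```
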
moved from Incoming to Development
changed notes
changed state Open to Suspended
moved from Development to Software Bugs
Please check 2.0.0. A change was made that may resolve this problem. Kurt
changed notes
changed state Suspended to Test
changed state Test to Closed
Believed fixed.