Issue 659 - infinite loop with TLS
Summary: infinite loop with TLS
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: unspecified
Hardware: All All
Assignee: OpenLDAP project
Reported: 2000-08-14 19:59 UTC by joko@logidee.com
Modified: 2014-08-01 21:06 UTC

Description joko@logidee.com 2000-08-14 19:59:29 UTC
Full_Name: Joel Kociolek
Version: latest CVS version (2000-08-14)
OS: Linux Debian potato
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.251.1.233)


I found an apparently infinite loop in slapd when using SSL/TLS authentication
if ldapsearch is wrongly configured.

I'm using openldap from latest CVS (as of today 2000-08-14) and ldapsearch as 
a client.

I followed the instructions outlined in 
http://www.OpenLDAP.org/lists/openldap-devel/200006/msg00107.html
to create my keys and certificates, and to configure the slapd server.

For the client config, if I have TLS_CERT TLS_KEY and TLS_CACERT in the config
file, and I do an "ldapsearch -Z", everything works fine. But if I remove
TLS_CACERT from the config file, then slapd seems to hang. Debugging output
shows that it apparently goes into an infinite loop.

Here is the output from "slapd -d 11" when running "ldapsearch -Z uid=joko" :



@(#) $OpenLDAP: slapd 2.0-devel (Mon Aug 14 17:26:48 CEST 2000) $
        joko@manchot:/home/joko/src/ldap/servers/slapd
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse(ldap:///)
daemon: socket() failed errno=22 (Invalid argument)
daemon: initialized ldap:///
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: manchot initialized!
slapd startup: initiated.
slapd starting
daemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 9
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
sockbuf_read: want=1, got=1
         0
sockbuf_read: want=1, got=1
        1d
sockbuf_read: want=29, got=29
        02 01 01  w 18 80 16  1  .  3  .  6  .  1  .  4
         .  1  .  1  4  6  6  .  2  0  0  3  7
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
sockbuf_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
do_extended
ber_scanf fmt ({a) ber:
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 9
         0 0c 02 01 01  x 07 0a 01 00 04 00 04 00
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
sockbuf_write: want=14, written=14
         0 0c 02 01 01  x 07 0a 01 00 04 00 04 00
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
tls_read: want=7, got=7
        80  k 01 03 01 00  B
tls_read: want=102, got=102
        00 00 00 20 00 00 16 00 00 13 00 00 0a 00 00 07
        00 00 05 00 00 04 00 00 15 00 00 12 00 00 09 07
        00 c0 05 00 80 03 00 80 01 00 80 08 00 80 06 00
         @ 00 00 14 00 00 11 00 00 08 00 00 06 00 00 03
        04 00 80 02 00 80 92 fa d2 9e 11 c8 ac  " c8  X
        07 d9  & f7 e7 96  E a2 ba  @ 94 d7  ) 80 c4 1a
        06 df c5 e7 c4  b
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
tls_write: want=1024, written=1024
TLS trace: SSL_accept:SSLv3 write certificate A
tls_write: want=1024, written=1024
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=109, written=109
         a  s  b  o  u  r  g  1 10  0 0e 06 03  U 04 0a
        13 07  L  o  g  i  d  e  e  1 0e  0 0c 06 03  U
        04 0b 13 05  S  i  e  g  e  1 18  0 16 06 03  U
        04 03 13 0f  L  o  g  i  d  e  e 20  T  e  s  t
        20  C  A  1 1f  0 1d 06 09  * 86  H 86 f7 0d 01
        09 01 16 10  r  o  o  t  @  l  o  g  i  d  e  e
         .  c  o  m 16 03 01 00 04 0e 00 00 00
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
tls_read: want=5, got=5
        15 03 01 00 02
tls_read: want=2, got=2
        02  0
TLS trace: SSL3 alert read:fatal:unknown
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.                                                             

TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
s3_pkt.c:774
connection_read(9): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=9 for close
sockbuf_read: want=4096, got=64
         0  > 02 01 02  c  9 04 00 0a 01 00 0a 01 00 02
        01 00 02 01 00 01 01 00 87 0b  o  b  j  e  c  t
         c  l  a  s  s  0 19 04 17  s  u  p  p  o  r  t
         e  d  S  A  S  L  M  e  c  h  a  n  i  s  m  s
        (end)
sockbuf_read: want=4096, got=0
        (end)
sockbuf_read: want=4096, got=0
        (end)
sockbuf_read: want=4096, got=0
        (end)
sockbuf_read: want=4096, got=0
        (end)
sockbuf_read: want=4096, got=0
        (end)
[...] 

The same two lines are repeated ad infinitum...


Joel K.
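
The trace above ends with "sockbuf_read: want=4096, got=0" repeating on a connection already marked for close. The following C program is an added example, not slapd code and not the change mentioned later in this issue (which the page does not describe); it assumes got=0 reflects a zero-byte read on a stream socket, and drain_fd, demo and the DRAIN_* names are hypothetical. It shows a non-blocking read loop that treats a zero-byte read as end of stream and caps the work done per call:

```c
/* Added example, not slapd code. All names here are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum drain_result { DRAIN_AGAIN, DRAIN_EOF, DRAIN_ERROR, DRAIN_LIMIT };

/* Read what is pending on a non-blocking fd; max_reads caps work per call. */
enum drain_result drain_fd(int fd, size_t max_reads, size_t *total)
{
    char buf[4096];
    *total = 0;
    for (size_t i = 0; i < max_reads; i++) {
        ssize_t n = read(fd, buf, sizeof buf);
        if (n > 0) { *total += (size_t)n; continue; }
        if (n == 0) return DRAIN_EOF;        /* end of stream: never retry */
        if (errno == EINTR) continue;        /* interrupted: try again */
        if (errno == EAGAIN || errno == EWOULDBLOCK)
            return DRAIN_AGAIN;              /* no data yet: back to select() */
        return DRAIN_ERROR;                  /* hard error: close the connection */
    }
    return DRAIN_LIMIT;                      /* budget spent: yield, resume later */
}

/* Constructed scenario: the peer sends nbytes (0..64) and optionally closes. */
int demo(size_t nbytes, int peer_closes, size_t *total)
{
    int sv[2], r;
    char msg[64] = {0};
    if (nbytes > sizeof msg || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
    if (nbytes && write(sv[1], msg, nbytes) != (ssize_t)nbytes) nbytes = 0;
    if (peer_closes) close(sv[1]);
    r = (int)drain_fd(sv[0], 16, total);
    if (!peer_closes) close(sv[1]);
    close(sv[0]);
    return r;
}

int main(void)
{
    size_t n;
    int r = demo(64, 1, &n);   /* 64 bytes then close, as in the trace's got=64, got=0 */
    printf("peer closed: result=%d bytes=%zu\n", r, n);
    r = demo(0, 0, &n);        /* peer idle but still connected */
    printf("peer idle:   result=%d bytes=%zu\n", r, n);
    return 0;
}
```
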
Comment 1 Kurt Zeilenga 2000-08-15 18:37:19 UTC
moved from Incoming to Development
Comment 2 Kurt Zeilenga 2000-08-17 16:11:48 UTC
changed notes
changed state Open to Suspended
Comment 3 Kurt Zeilenga 2000-09-02 15:04:51 UTC
moved from Development to Software Bugs
Comment 4 Kurt Zeilenga 2000-09-03 17:32:23 UTC
Please check 2.0.0.  A change was made that may resolve this problem.

Kurt
Comment 5 Kurt Zeilenga 2000-09-03 17:32:39 UTC
changed notes
changed state Suspended to Test
Comment 6 Kurt Zeilenga 2000-09-05 15:32:03 UTC
changed state Test to Closed
Comment 7 OpenLDAP project 2014-08-01 21:06:54 UTC
Believed fixed.