
Re: (ITS#4082) TLS broken in OPENLDAP_REL_ENG_2_3_10?



Should be fixed in HEAD and OPENLDAP_REL_ENG_2_3.
Please test.

At 07:30 AM 10/12/2005, kevins@bmrb.co.uk wrote:
>Full_Name: Kevin Spicer
>Version: OPENLDAP_REL_ENG_2_3_10
>OS: linux
>URL: 
>Submission from: (NULL) (198.178.236.10)
>
>
>I can't seem to get TLS working in OPENLDAP_REL_ENG_2_3_10. My TLS configuration,
>as shown below, is unchanged from its configuration in 2.2.19.
>
>TLSCipherSuite HIGH:+TLSv1:+SSLv2:+SSLv3
>TLSCACertificateFile /usr/local/etc/openldap/certs/cacert.pem
>TLSCertificateFile /usr/local/etc/openldap/certs/laptop.slapd-cert.pem
>TLSCertificateKeyFile /usr/local/etc/openldap/certs/laptop.slapd-key.pem
>
>Both 2.2.19 and 2.3.10 are linked against openssl 0.9.7 - from the output of
>ldd...
>libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0xb7edc000)
>
>When attempting to start slapd I get the following on 2.3.10 ...
>$ libexec/slapd -d 1 -u ldap -g ldap  -h "ldap:// ldaps://"
>@(#) $OpenLDAP: slapd 2.3.10 (Oct 12 2005 15:12:00) $
>        root@laptop:/home/kevins/openldap-2.3.10cvs/servers/slapd
>daemon_init: listen on ldap://
>daemon_init: listen on ldaps://
>daemon_init: 2 listeners to open...
>ldap_url_parse_ext(ldap://)
>daemon: IPv6 socket() failed errno=97 (Address family not supported by
>protocol)daemon: initialized ldap://
>ldap_url_parse_ext(ldaps://)
>daemon: TLS not configured (ldaps://)
>slapd stopped.
>connections_destroy: nothing to destroy.
>
>However this works fine with 2.2.19.  slapd from 2.3.10 starts normally if
>called without ldaps://, however the startTLS functionality doesn't work.
>i.e.
>$ libexec/slapd -u ldap -g ldap  -h "ldap://"
>$ bin/ldapsearch -ZZ
>ldap_start_tls: Connect error (-11)
>
>Again this works correctly on 2.2.19.  I have checked the appropriate man pages
>but I can't see any obvious change that may have caused this.
>