[Date Prev][Date Next]
Re: (ITS#4144) Strange problem in client libs with SSL connect
Aaron Richton wrote:
>>ldapsearch -x -H ldaps://directory.example.com -b "" "(objectClass=*)"
> Hmm. My ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.X (Nov 4 2005 10:01:17) $
> runs that fine against our SunONE server. The point about something
> getting stomped on on the long-lived process is valid, but doesn't make
> sense if you see ldapsearch(1) fail.
There are two issues here:
1. The request should work if everything is correctly configured. It
could have something to do with the certs being used. Processing X.509v3
cert extensions during path validation is a weird task. I could reveal
this data to a single developer examining this but not to the ITS.
2. It looks suspicious when a connection attempt works which failed before.