
Re: (ITS#4144) Strange problem in client libs with SSL connect



Aaron Richton wrote:
>>ldapsearch -x -H ldaps://directory.example.com -b "" "(objectClass=*)"
> 
> Hmm. My ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.X (Nov 4 2005 10:01:17) $
> runs that fine against our SunONE server. The point about something
> getting stomped on on the long-lived process is valid, but doesn't make
> sense if you see ldapsearch(1) fail.

There are two issues here:

1. The request should work if everything is correctly configured. It
could have something to do with the certs being used. Processing X.509v3
cert extensions during path validation is a weird task. I could reveal
this data to a single developer examining this but not to the ITS.

2. It looks suspicious when a connection attempt works which failed before.

Ciao, Michael.