[Date Prev][Date Next]
Re: (ITS#5341) Invalid TLSCipherSuite causes hang
On Fri, Feb 01, 2008 at 12:15:52AM -0500, Kyle Moffett wrote:
> On Jan 29, 2008 2:55 PM, Steve Langasek <email@example.com> wrote:
> > On Tue, Jan 29, 2008 at 11:31:43AM -0800, Quanah Gibson-Mount wrote:
> > > --On Tuesday, January 29, 2008 11:09 AM -0800 Steve Langasek <firstname.lastname@example.org> wrote:
> > > > Anyway, the documented syntax for TLSCipherSuite is "$cipher1:$cipher2",
> > > > not "$cipher1 $cipher2"; but setting such values gives me a hang on
> > > > startup (which should be investigated).
> > > Filed upstream:
> > > <http://www.OpenLDAP.org/its/index.cgi?findid=5341>
> > Sorry, the description of this ITS is inverted. It's *valid* ciphersuite
> > values (i.e., "cipher1:cipher2") that cause the hang; invalid
> > space-separated values are merely truncated after the first cipher in the
> > list, which doesn't cause a hang, it just prevents the cipher list from
> > being useful.
> Steve, would you mind testing the patch I posted there? It fixed the
> problem for me when I wrote it a month or two ago, hopefully it will
> fix the problem for you too.
Thanks, I can confirm this fixes the problem here. I'm able to set multiple
ciphers in a TLSCipherSuite list, and able to connect appropriately with
ldapsearch and gnutls-cli after the change.
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/