
Re: (ITS#6642) back-meta idassert with SASL EXTERNAL ignoring parameters



I've just tested this scenario using the back-meta sources (and
slap.h, sl_malloc.c) from HEAD. I also tried to add "tls start" to the
back-meta configuration.

Unfortunately, the problem still persists. (But the workaround,
setting LDAPTLS_..., still works.)

When I look at the debug output (at debug level 1), the first
difference is in the SSL_connect messages. Only my workaround method
is sending the "write certificate verify" to authenticate with the
certificate, whereas it doesn't send this message without the
workaround.

The output from the "good" request (with workaround) is:
-----------------------------------------------------------------------------------------
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server key exchange A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write certificate verify A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_int_sasl_open: host=localhost
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
-----------------------------------------------------------------------------------------

The output from the request without the workaround:
-----------------------------------------------------------------------------------------
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server key exchange A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_int_sasl_open: host=localhost
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 15
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed
-----------------------------------------------------------------------------------------

Regards,
Manuel
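
Added example (not part of the message above and not OpenLDAP code): a small Python check that reads this kind of "TLS trace" debug output and reports, per handshake, whether the client proved possession of a certificate. The verdict names and function names are chosen for this example, and it assumes full (non-resumed) handshakes that end with "read finished", as in the two traces quoted in the message.

```python
import re

# Matches the OpenSSL state-trace lines shown in the message, e.g.
# "TLS trace: SSL_connect:SSLv3 write certificate verify A"
STATE = re.compile(r"TLS trace: SSL_connect:\S+ (read|write) (.+?)(?: [A-Z])?$")

# Handshake lines copied from the "without the workaround" trace in the message.
WITHOUT_WORKAROUND = """\
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server key exchange A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_int_sasl_open: host=localhost
"""
# The "with workaround" trace differs only by the extra CertificateVerify line.
WITH_WORKAROUND = WITHOUT_WORKAROUND.replace(
    "write change cipher spec A",
    "write certificate verify A\nTLS trace: SSL_connect:SSLv3 write change cipher spec A")

def _verdict(seen):
    # In TLS 1.0-1.2 a client with no usable certificate still answers a
    # CertificateRequest with an (empty) Certificate message, so "write client
    # certificate" alone proves nothing; only CertificateVerify carries a signature.
    if ("read", "server certificate request") not in seen:
        return "cert-not-requested"
    if ("write", "certificate verify") in seen:
        return "proved-client-cert"
    return "no-client-cert-proof"

def classify_handshakes(text):
    """Return one verdict per client-side handshake found in the trace text."""
    verdicts, seen = [], set()
    for line in text.splitlines():
        m = STATE.search(line.strip())
        if not m:
            continue                      # non-TLS debug lines and "flush data"
        seen.add(m.groups())
        if m.groups() == ("read", "finished"):   # last state of a full handshake
            verdicts.append(_verdict(seen))
            seen = set()
    if seen:
        verdicts.append("incomplete")     # trace ended mid-handshake
    return verdicts

if __name__ == "__main__":
    print("with workaround:   ", classify_handshakes(WITH_WORKAROUND))
    print("without workaround:", classify_handshakes(WITHOUT_WORKAROUND))
```

A "no-client-cert-proof" verdict on a connection that is supposed to bind with SASL EXTERNAL means the TLS layer gave the server no client identity to map.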