Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client
- From: siddjain@live.com
- Date: Wed, 24 Apr 2019 17:34:10 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
could you send me output of running
openssl version -a
on your system? thanks
________________________________
From: Howard Chu <hyc@symas.com>
Sent: Wednesday, April 24, 2019 10:04 AM
To: Siddharth Jain; openldap-its@OpenLDAP.org
Subject: Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client
Siddharth Jain wrote:
> Wow! Thanks for responding so fast. This could be a bug in docker-openldap then. we have repro'ed this in two different environments - mac and ubuntu. Do you
> have a recommendation for docker image for openldap?
As I said before, OpenLDAP doesn't touch the certificate files, it merely tells the TLS
library where they are. You most likely have a broken TLS library.
------------------------------------------------------------------------
> *From:* Howard Chu <hyc@symas.com>
> *Sent:* Wednesday, April 24, 2019 9:42 AM
> *To:* Siddharth Jain; openldap-its@OpenLDAP.org
> *Subject:* Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client
>
> Siddharth Jain wrote:
>> we have documented complete steps to repro the bug here <https://github.com/siddjain/openldap-bug> with container logs.
>
> I see no error here.
>
> Using your cert/key files:
> There is no OpenLDAP bug here. Your server environment is broken.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/