
Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client




Could you send me the output of running

openssl version -a

on your system? Thanks.

________________________________
From: Howard Chu <hyc@symas.com>
Sent: Wednesday, April 24, 2019 10:04 AM
To: Siddharth Jain; openldap-its@OpenLDAP.org
Subject: Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client

Siddharth Jain wrote:
> Wow! Thanks for responding so fast. This could be a bug in docker-openldap then. We have repro'ed this in two different environments - mac and ubuntu. Do you
> have a recommendation for docker image for openldap?

As I said before, OpenLDAP doesn't touch the certificate files, it merely tells the TLS
library where they are. You most likely have a broken TLS library.
  ------------------------------------------------------------------------
> *From:* Howard Chu <hyc@symas.com>
> *Sent:* Wednesday, April 24, 2019 9:42 AM
> *To:* Siddharth Jain; openldap-its@OpenLDAP.org
> *Subject:* Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client
>
> Siddharth Jain wrote:
>> We have documented complete steps to repro the bug here <https://github.com/siddjain/openldap-bug> with
>> container logs.
>
> I see no error here.
>
> Using your cert/key files:

> There is no OpenLDAP bug here. Your server environment is broken.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
