[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client
From: hyc@symas.com
Date: Wed, 24 Apr 2019 17:43:52 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

siddjain@live.com wrote:
> --_000_MWHPR08MB24000D77048AFCF7465C4397B53C0MWHPR08MB2400namp_
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> 
> could you send me output of running
> 
> openssl version -a
> 
> on your system? thanks

> openssl version -a
OpenSSL 1.1.1  11 Sep 2018
built on: Tue Dec  4 13:15:09 2018 UTC
platform: debian-amd64
options:  bn(64,64) rc4(8x,int) des(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-DovhWu/openssl-1.1.1=.
-fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM
-DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"
Seeding source: os-specific


> 
> ________________________________
> From: Howard Chu <hyc@symas.com>
> Sent: Wednesday, April 24, 2019 10:04 AM
> To: Siddharth Jain; openldap-its@OpenLDAP.org
> Subject: Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate bef=
> ore sending it to client
> 
> Siddharth Jain wrote:
>> Wow! Thanks for responding so fast. This could be a bug in docker-openlda=
> p then. we have repro'ed this in two different environments - mac and ubunt=
> u. Do you
>> have a recommendation for docker image for openldap?
> 
> As I said before, OpenLDAP doesn't touch the certificate files, it merely t=
> ells the TLS
> library where they are. You must likely have a broken TLS library.



-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client
Next by Date: Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client
Index(es):
- Chronological
- Thread