[Date Prev][Date Next]
Re: More on TLS problems
> Well, I found and fixed a number of problems:
> ldaps:// was catching SSL_Connect failure
> ldaps:// was not connecting on appropriate port
> SSL_connect was being called with SSL_VERIFY_PEER
> even when disabled
> Both ldaps:// and StartTLS appear to be working fine
> now for all devel client tools.
> StartTLS error handling/reporting is a bit odd. I
> may tune this later.
> Please test these changes so we can kick out a 2.0.1.
I've built the OpenLDAP head branch with OpenSSL and CYRUS-SASL.
One thing that slowed me down quite a bit was that 'make ldbm'
in the tests directory failed on test001-slapadd. This is due
to the following at the top of ldapsearch.out:
TLS: PRNG has not been seeded with enough data
which is due to not having a ~/.rnd file, since my operating system
(Alpha OSF) does not have a /dev/urandom device. I was hoping the
above changes fixed this, but they have not.
Since the tools use -x, and there is no -Z option being passed to
ldapsearch, can the attempt to open this file be prevented, or is
is really necessary?