[Date Prev][Date Next] [Chronological] [Thread] [Top]

[Fwd: TLS and slurpd]


I'm moving this over the openldap-devel as this 
is becoming more of an "TLS support in the OpenLDAP
code" question.

Since my last post, I have reviewed the slurpd code in HEAD
which does not seemed to have changed much.  I noted a 
few changes in libldap/tls.c, but nothing that addressed by
current issues.

Can anyone help give me a push in the right direction.
I know this works, but for some reason, a server with 
a seemingly identical setup as a working one will not
use TLS for replication.


Cheers, jerry

Gerald Carter wrote:
> Gerald Carter wrote:
> >
> > > I've read several postings late last year about problems
> > > using slurpd with the tls=[yes|critical] option on replicas.
> > > I keep getting a
> > >
> > >         TLS: could not allocate default ctx
> > >
> > > error in the slurpd log and the connection replication fails.
> > > Is this supposed to be working in 2.0.7?  I'll keep looking
> > > through the code, but I wanted to run this quick question
> > > by everyone.
> >
> > More information after adding some debug messages....
> >
> >    TLS: could not allocate default ctx.
> >    error:140A90A1:SSL routines:SSL_CTX_new:library has no ciphers
> >
> > Now this is strange since the StartTLS command for
> > the client tools works when querying slapd.
> After much reading on the OpenSSL API, I decided to start
> fresh with a clean OpenLDAP 2.0.7 install (including
> OpenSSL 0.9.6, Cyrus SASL 1.5.24, & Berkeley DB 3.1.17
> all compiled from source).  I started a fresh RedHat 6.2
> install in a VM Ware session and set it up as
> replica.  All works fine...including replication
> using the StartTLS extended command.  Interesting....
> I need to find out what is making my other install fail.
> Just an update for those who are curious.

   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter@valinux.com
       http://www.samba.org/       SAMBA Team          jerry@samba.org
       http://www.plainjoe.org/                     jerry@plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )