[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48

To: Howard Chu <hyc@symas.com>, openldap-devel@openldap.org
Subject: Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Sun, 21 Jul 2019 14:45:52 -0700
Content-disposition: inline
In-reply-to: <df0071c8-ab46-5434-1595-c0805b31ce63@symas.com>
References: <CAJoHRijg72LHC5EQT0p=ppyykvd69ik-8Ons0fdd3e7fRp1R5Q@mail.gmail.com> <20190720114150.6lcvw2vqkt7wqkty@mistotebe.net> <CAJoHRiicDsYCh55WtS16VN0h0iPz7rh_oSfutih9caEja1+3Vg@mail.gmail.com> <7D4E63B6BD40CD3B388DAC82@[192.168.1.39]> <20190720183144.GB6508@kiwi.nardis.ca> <800783fa-0f03-66eb-0136-ebb7e871e09d@symas.com> <C001FB8C78DB1EF7FD9B5E1D@[192.168.1.39]> <dfbf878e-9220-d9ff-11c8-f45d27607fde@symas.com> <0C3796D3A54046CB8CFFC6A5@[192.168.1.39]> <f4b1b61a-ac76-ac8b-b6b1-bf82366456ee@symas.com> <8C2495FF8CAD7D17C02188C9@[192.168.1.39]> <8b1f77f1-2416-ad8e-a468-a4f92a10b72e@symas.com> <B0148B683FD220EE3A8CCA4C@[192.168.1.39]> <6222c6db-b851-d872-1b5d-56a833003779@symas.com> <4BE3924CD3F7B1262F764271@[192.168.1.39]> <df0071c8-ab46-5434-1595-c0805b31ce63@symas.com>

--On Sunday, July 21, 2019 11:16 PM +0100 Howard Chu <hyc@symas.com> wrote:

I take this back. Pretty sure we've had this debate before, haven't found
it in the list archive.

We explicitly create a fresh TLS context in slapd, to eliminate any
ldap.conf initialization defaults.


Ok, so it's GnuTLS that had broken behavior and it was fixed by ITS#8427.

You also noted in IRC that you found the related ITS:<https://www.openldap.org/its/index.cgi/?findid=3109>


So GnuTLS actually introduced a regression in behavior.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Nikos Voutsinas <nvoutsin@gmail.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Ondřej Kuzník <ondra@mistotebe.net>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Nikos Voutsinas <nvoutsin@gmail.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Ryan Tandy <ryan@nardis.ca>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Howard Chu <hyc@symas.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Howard Chu <hyc@symas.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Howard Chu <hyc@symas.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Howard Chu <hyc@symas.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Howard Chu <hyc@symas.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
Next by Date: Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
Index(es):
- Chronological
- Thread