recompile breaks tls



i recompiled openldap and the only thing i changed is --prefix when i ran
./configure.  now it points to /opt/openldap-2.0.7-1, as far as i can tell
everything builds and installs correctly.

however when i run it the slaves (also running the new version) can no
longer accept tls encrypted replication. even though the slaves say that
they can't accept the tls i can use "ldapsearch -ZZ" against the slave and
it works fine.  if i revert just the slave back to the old version
installed in /usr/local (the master is still the new version) it works so
i don't think it's a configuration issue.

the errors from running "-d -1" on the slave are:

daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 7r
daemon: read activity on 7
connection_get(7)
connection_get(7): got connid=3
connection_read(7): checking for input on id=3
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=7
  0000:  30 05 02 01 02 42 00                               0....B.
tls_read: want=4, got=0

TLS: can't accept.
connection_read(7): TLS accept error error=-1 id=3, closing
connection_closing: readying conn=3 sd=7 for close
connection_close: conn=3 sd=7
daemon: removing 7

adam.
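
Added example, not part of the original post: the seven bytes that the slave's tls_read dumped can be decoded to see whether the peer sent a TLS record or plaintext LDAP at the point where SSL_accept expected a handshake. The function names and the abbreviated tag tables are this example's own; the sample log is the tls_read lines copied from the output above.

```python
import re

# Constructed sample: the tls_read lines copied from the slave's "-d -1" output above.
SAMPLE_LOG = """\
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=7
  0000:  30 05 02 01 02 42 00                               0....B.
tls_read: want=4, got=0
"""

# A few LDAP protocolOp tags (RFC 4511) and the TLS record content types.
LDAP_OPS = {0x60: "BindRequest", 0x42: "UnbindRequest",
            0x63: "SearchRequest", 0x77: "ExtendedRequest"}
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}

def dump_bytes(log):
    """Collect the bytes from hex-dump lines of the form '  0000:  30 05 ...'."""
    out = bytearray()
    for line in log.splitlines():
        m = re.match(r"\s*[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2} )+)", line)
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def classify(data):
    """Return (kind, detail, ldap_message_id) for the first bytes the TLS layer read."""
    # A TLS record starts with a content type (20-23) and major version 3.
    if len(data) >= 2 and data[0] in TLS_TYPES and data[1] == 3:
        return ("tls", TLS_TYPES[data[0]], None)
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp ... }
    # Only short-form BER lengths are handled here.
    if len(data) >= 4 and data[0] == 0x30 and data[1] < 0x80 and data[2] == 0x02:
        id_len = data[3]
        if len(data) > 4 + id_len:
            msg_id = int.from_bytes(data[4:4 + id_len], "big")
            op = data[4 + id_len]
            return ("ldap-plaintext", LDAP_OPS.get(op, hex(op)), msg_id)
    return ("unknown", None, None)

if __name__ == "__main__":
    print(classify(dump_bytes(SAMPLE_LOG)))
```

On the sample this reports a plaintext LDAP UnbindRequest with message ID 2, so the bytes handed to SSL_accept were not a TLS handshake record (which would begin with 16 03).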