[Date Prev][Date Next]
Re: TLS/SSL altNames [was: SSL certificates, kerberos keytabs, and load balancing]
On Tue, 13 Apr 2004, Medievalist wrote:
> Damnation! Thanks Kirk, you just saved me a small headache that was scheduled
> for next week.
Glad to hear it.
> Hmmm... looking at the bug reports, isn't this another side effect of Red Hat
> shipping an obsolete, known-to-be-buggy OpenLDAP package? P'raps nss_ldap is
> using the OpenLDAP libraries and inheriting the bug?
I encountered the problem first hand *after* having upgraded the
OpenLDAP libraries on an nss_ldap box to OL 2.1.25. Also, I would
expect a client problem with certificates to be due to bad OpenSSL,
not OpenLDAP, libs.
% ldd /usr/lib/libnss_ldap.so
libdl.so.2 => /lib/libdl.so.2 (0x401f1000)
libresolv.so.2 => /lib/libresolv.so.2 (0x401f5000)
libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
...it appears that the stock RH9 nss_ldap is not using shared
OpenLDAP *or* OpenSSL libs, so a rebuild of nss_ldap from the source
RPM after upgrading both may fix things.
Ohio Wesleyan University