[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Certificate Signature Failure

To: Siva Kollipara <siva@CS.Arizona.EDU>
Subject: Re: Certificate Signature Failure
From: Howard Chu <hyc@symas.com>
Date: Fri, 09 Jul 2004 13:11:29 -0700
Cc: Quanah Gibson-Mount <quanah@stanford.edu>, openldap-software@OpenLDAP.org
In-reply-to: <Pine.GSO.4.58.0407091225430.6179@lectura.CS.Arizona.EDU>
References: <OF6466CE81.EC1BF6F9-ON87256ECB.00664358-06256ECB.0069ECDE@zootwe b.com> <6.0.1.1.0.20040708143413.049300f0@127.0.0.1> <Pine.GSO.4.58.0407081654250.18448@lectura.CS.Arizona.EDU> <22EC204A6177110B9F2B1D4A@cadabra-dsl.stanford.edu> <Pine.GSO.4.58.0407091225430.6179@lectura.CS.Arizona.EDU>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a2) Gecko/20040622

Siva Kollipara wrote:

i am not sure, if it were a problem with the library then it should fail
everytime i try consistently.. but this is not the case.. it only fails
when a try a particular workflow. i tried a sample application doing the
same thing and that worked fine. (i even tried a newer version of the
library - but this didnt help either)

seeking help and advice,

You've already gotten some good advice. Start by using up to date software. The current version of OpenSSL is 0.9.7d, released on March 17 2004 and containing important security fixes. Quanah has already pointed out the need to upgrade OpenLDAP.

After you've brought your software up to current revisions, if you still see the problem, debugging with something like ElectricFence may help. Generally if a program starts to misbehave after some number of runs, that tends to indicate a memory corruption somewhere, and ElectricFence may help identify it.

It's important to point out - the OpenLDAP project never releases patches to previous releases. So there's no point in diagnosing your problem on your 2.1.22 install. Patches/bugfixes are only made to the latest source. Right now that means 2.2.x; we have only two patches for 2.1 in the tree at the moment and it's doubtful that there will be any more.

Hi,
I am faced with a weird error,
when i try to bind to an ldap server, i get "Certificate Signature
Failure", i am not sure why this is coming up.
I am using 0.9.7b openssl and 2.1.22 openldap. the connections happen


OpenLDAP 2.1.22 was an extremely broken release, you need to upgrade to at
least 2.1.30, I suggest the latest stable release (2.2.13).


--
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- Re: Certificate Signature Failure
  - From: Siva Kollipara <siva@CS.Arizona.EDU>

References:
- Re: make test error
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Certificate Signature Failure
  - From: Siva Kollipara <siva@CS.Arizona.EDU>
- Re: Certificate Signature Failure
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: Certificate Signature Failure
  - From: Siva Kollipara <siva@CS.Arizona.EDU>

Prev by Date: Re: Having a tough time installing OpenLDAP 2.1.30
Next by Date: Re: Certificate Signature Failure
Index(es):
- Chronological
- Thread