[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: FW: OpenLDAP 2.3.20 + OpenSSL 0.9.8a -> SSL/TLS Segmentation fault

To: "Jose Angel Mendia" <JoseAngel.Mendia@esi.es>
Subject: Re: FW: OpenLDAP 2.3.20 + OpenSSL 0.9.8a -> SSL/TLS Segmentation fault
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Fri, 17 Mar 2006 17:35:54 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <2222905F268D384BBAF80AF4CF9C17D6020ED603@hermes.esi.es>
Organization: Telkom Internet
References: <2222905F268D384BBAF80AF4CF9C17D6020ED603@hermes.esi.es>
User-agent: KMail/1.9.1

On Thursday 16 March 2006 11:48, Jose Angel Mendia wrote:
> Hello, I'm trying to get OpenLDAP working with SSL/TLS to serve on a =
> secure port (636). I've read the admin guide, as well as other howtos, =
> but in last instance I have followed the admin guides directions. Is =
> there any other guide that could help?
> =20
> - slapd is working OK if I do a ldapsearch (or other ldap operations) to =
> ldap:// port (non secure) without TLS.
> - I've tried openssl s_server and s_client and they work fine together.
> - When I try to do a ldapsearch using ldaps:// (or ldap:// with forcing =
> TLS), I get a Segmentation fault on server side.
> - When not forcing (but trying) TLS over ldap:// port 389, TLS fails and =
> the server tries a simple connection (without TLS) and asks for the ldap =
> password. When I intro the password the client can't follow because the =
> server has given a Segmentation fault. =20
> - All permisions to the files seem to be right.=20
> - Same error with OpenLDAP 2.3.19.
> =20
> =20
> Any help would really be very welcome. Thanks in advance.
> =20
> =20
> I attach some debugging info. If it is not enough, please tell me and I =
> could send any other info you need to help me.   (I have trimmed the =
> message to fit the lists rules)=20
>
> 	The OS is Red Hat Enterprise Linux 4 ES Update2=20
> 	I'm not using the OpenSSL, SASL, OpenLDAP from OS, but built from =
> source.
> 	OpenLDAP is installed in /usr/local
> 	OpenSSL 0.9.8a is installed in /usr/local/ssl
> 	SASL 2.1.21 is installed in /usr/local
>

I have no problems when building against the  provided SSL/SASL packages on 
RHEL4, eg with these packages:

http://anorien.csc.warwick.ac.uk/mirrors/buchan/openldap/rhel4/

Note that you should be careful in changing versions of widely used libraries 
which break compatibility often (especially openssl), as you will in many 
cases link both to your new openssl, as well as a library that links to the 
older openssl, with both versions using the same symbol names but not being 
binary-compatible.

Is there a good reason to use a different version of openssl (0.9.7a with 
patches on RHEL)? or SASL (2.1.29 on RHEL4)?

Regards,
Buchan

-- 
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)

Attachment: pgp4ZKmaRy7x8.pgp
Description: PGP signature

References:
- FW: OpenLDAP 2.3.20 + OpenSSL 0.9.8a -> SSL/TLS Segmentation fault
  - From: "Jose Angel Mendia" <JoseAngel.Mendia@esi.es>

Prev by Date: Re: OpenLDAP performance vs. PostgreSQL
Next by Date: Re: Access control in slapd.conf
Index(es):
- Chronological
- Thread