[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: FW: OpenLDAP 2.3.20 + OpenSSL 0.9.8a -> SSL/TLS Segmentation fault

On Thursday 16 March 2006 11:48, Jose Angel Mendia wrote:
> Hello, I'm trying to get OpenLDAP working with SSL/TLS to serve on a =
> secure port (636). I've read the admin guide, as well as other howtos, =
> but in last instance I have followed the admin guides directions. Is =
> there any other guide that could help?
> =20
> - slapd is working OK if I do a ldapsearch (or other ldap operations) to =
> ldap:// port (non secure) without TLS.
> - I've tried openssl s_server and s_client and they work fine together.
> - When I try to do a ldapsearch using ldaps:// (or ldap:// with forcing =
> TLS), I get a Segmentation fault on server side.
> - When not forcing (but trying) TLS over ldap:// port 389, TLS fails and =
> the server tries a simple connection (without TLS) and asks for the ldap =
> password. When I intro the password the client can't follow because the =
> server has given a Segmentation fault. =20
> - All permisions to the files seem to be right.=20
> - Same error with OpenLDAP 2.3.19.
> =20
> =20
> Any help would really be very welcome. Thanks in advance.
> =20
> =20
> I attach some debugging info. If it is not enough, please tell me and I =
> could send any other info you need to help me.   (I have trimmed the =
> message to fit the lists rules)=20
> 	The OS is Red Hat Enterprise Linux 4 ES Update2=20
> 	I'm not using the OpenSSL, SASL, OpenLDAP from OS, but built from =
> source.
> 	OpenLDAP is installed in /usr/local
> 	OpenSSL 0.9.8a is installed in /usr/local/ssl
> 	SASL 2.1.21 is installed in /usr/local

I have no problems when building against the  provided SSL/SASL packages on 
RHEL4, eg with these packages:


Note that you should be careful in changing versions of widely used libraries 
which break compatibility often (especially openssl), as you will in many 
cases link both to your new openssl, as well as a library that links to the 
older openssl, with both versions using the same symbol names but not being 

Is there a good reason to use a different version of openssl (0.9.7a with 
patches on RHEL)? or SASL (2.1.29 on RHEL4)?


Buchan Milne
ISP Systems Specialist

Attachment: pgp4ZKmaRy7x8.pgp
Description: PGP signature