[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "error in SSLv3 flush data" when connecting from network

--On Thursday, March 01, 2007 12:05 PM +0200 Antonis Christofides <anthony@itia.ntua.gr> wrote:

I stopped all services that were using libldap*, then started the
compiled slapd (with -u openldap anyway, and nothing else runs as that
user, though I'm not certain the libraries aren't opened before it
switches priviliges), and still I had the same symptom.  (And my
compiled slapd is also believed to not use gnutls; it doesn't use
libldap anyway.)

I therefore don't see any evidence that the problem is really
gnutls-related.  That you can't reproduce it doesn't quite help,
you've compiled almost everything yourself.

You think I should also try to gradually compile things myself, trying
to locate which library causes the problem?  Needless to say I'd
prefer a simpler investigation path, if one exists.

Well, I think the fact that I can't reproduce it points to one of two things:

(a) A misconfiguration of slapd on your part
(b) A problem in the packaging on the part of debian

Given that SSL tends to work just fine for you as long as you aren't doing the differing debug level, I doubt it is (a), which points to (b) as the problem. There's not a whole lot the OpenLDAP folks can do as the upstream providers about that. It would need to be resolved by the debian folks.

Building out everything yourself or not is obviously your choice. I guess it depends just how much time you want to spend tracking down where the issue resides.


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html