What version of OpenSSL is required for OpenLDAP 2.4.35



I am compiling OpenLDAP 2.4.35 with OpenSSL 1.0.0a. The compilation and building of the library work fine.

However, when I use the OpenLDAP client "ldapsearch", the tool fails with these errors:

[root@xMachine openldap-2.4.35]# ./ldaplib/bin/ldapsearch -H ldaps://192.168.1.51:10636 -d 5
ldap_url_parse_ext(ldaps://192.168.1.51:10636)
ldap_create
ldap_url_parse_ext(ldaps://192.168.1.51:10636/??base)
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_build_search_req ATTRS: supportedSASLMechanisms
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.1.51:10636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.1.51:10636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect: 
connect success
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:error in SSLv3 read server hello B
TLS trace: SSL_connect:error in SSLv3 read server hello B
TLS: can't connect: error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list.
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list

1. Why does this happen?
2. Is it an issue with OpenSSL 1.0.0a?
3. What is the minimum version of OpenSSL required to build the LDAP clients? 

--
Ashwin kumar
(http://ashwinkumar.me)