The default bug view has changed. See this FAQ.

ldapsdk CLU with startTLS with specified certdb fails

RESOLVED FIXED

Status

Directory
LDAP C SDK
RESOLVED FIXED
12 years ago
12 years ago

People

(Reporter: Ulf Weltman, Assigned: Rich Megginson)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050501 Firefox/1.0.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050501 Firefox/1.0.3

This works (with cert8.db and key3.db in the cwd):
ldapsearch -ZZ -s base -b "" "objectclass=*"

This does not work:
ldapsearch -ZZ -P /path/to/my-cert8.db -s base -b "" "objectclass=*"

Reproducible: Always

Steps to Reproduce:
1.ldapsearch -ZZ -P /path/to/my-cert8.db -s base -b "" "objectclass=*"
Actual Results:  
ldap_search: Can't contact LDAP server
    TLS/SSL error -5938 (Encountered end of file.)

Expected Results:  
Shown the results of the search.
(Reporter)

Comment 1

12 years ago
It's happening because this seems to be a valid way of running ldapsearch:
ldapsearch -P /path/to/my-cert8.db -p 636 -s base -b "" "objectclass=*"

When -P is specified, -Z (secure=1) is implied!

So with -P and -ZZZ, we end up in the wrong block of this (simplified) block in
common.c:ldaptool_ldap_init():

    if(secure) {
        ldapssl_init();
    } else if (isZZ) {
        prldap_init();
        ldap_start_tls_s();
    }
(Reporter)

Comment 2

12 years ago
Created attachment 182821 [details]
Diff on common.c for -ZZ and -P happy coexistence
(Reporter)

Updated

12 years ago
Assignee: mcs → richm

Comment 3

12 years ago
Comment on attachment 182821 [details]
Diff on common.c for -ZZ and -P happy coexistence

This change looks OK to me.
Attachment #182821 - Flags: review+
(Assignee)

Comment 4

12 years ago
Checking in mozilla/directory/c-sdk/ldap/libraries/libprldap/Makefile.in;
/cvsroot/mozilla/directory/c-sdk/ldap/libraries/libprldap/Makefile.in,v  <-- 
Makefile.in
new revision: 5.11; previous revision: 5.10
done
Checking in mozilla/directory/c-sdk/ldap/libraries/libssldap/Makefile.in;
/cvsroot/mozilla/directory/c-sdk/ldap/libraries/libssldap/Makefile.in,v  <-- 
Makefile.in
new revision: 5.9; previous revision: 5.8
done
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
(Assignee)

Comment 5

12 years ago
Ignore previous message.  This is the real CVS information.

Checking in mozilla/directory/c-sdk/ldap/clients/tools/common.c;
/cvsroot/mozilla/directory/c-sdk/ldap/clients/tools/common.c,v  <--  common.c
new revision: 5.16; previous revision: 5.15
done

You need to log in before you can comment on or make changes to this bug.