Bug 112275

Summary: Applications using OpenSSL crash when handling certs with Subject Alternative Name fields
Product: Red Hat Enterprise Linux 3 Reporter: Jason Heiss <jheiss-bugzilla>
Component: openldapAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED DUPLICATE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0   
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 19:00:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jason Heiss 2003-12-16 23:14:26 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030922

Description of problem:
Applications using OpenSSL libraries crash when handling certs with
Subject Alternative Name fields.  subjectAltName fields (as OpenSSL
refers to them) allow you to define aliases for the server's hostname
in addition to the main hostname specified in the CN field of the
cert.  We use this on our LDAP server certificates.  The CN field has
the FQDN of the server and then we have subjectAltName entries like
'ldap.ee.washington.edu' (all servers) and 'ldap1.ee.washington.edu'.
 The servers are behind a load balancer, so the
'ldap.ee.washington.edu' allows clients to hit any server and have the
hostname match.

When we turn SSL on in an application that uses LDAP the application
segfaults.  If we switch the server to an SSL certificate without the
subjectAltName fields it works.

We see this behavior with the OpenLDAP command line tools
(ldapsearch), nss_ldap and a Samba server configured for LDAP.


Version-Release number of selected component (if applicable):
openssl-0.9.7a-24

How reproducible:
Always

Steps to Reproduce:
% ldapsearch -x -ZZ -h ldap.ee.washington.edu uid=temp1
Segmentation fault
% ldapsearch -x -h ldap.ee.washington.edu uid=temp1
<Normal output>


Additional info:

I believe this is the same problem described in bug 85728, which was
filed against Red Hat 9.  That bug report contains a patch submitted
by a user.
Comment 1 Jason Heiss 2003-12-18 17:07:48 UTC 
After re-reading the older bug report and experimenting with
lynx/links and openssl s_client I guess the problem isn't solely with
OpenSSL but the OpenSSL/OpenLDAP interface.  lynx/links and openssl
s_client seem to work fine against our LDAP server, so I guess it is
more LDAP specific.
As such I'm changing the component in this bug report to openldap.
Comment 2 Jason Heiss 2004-01-22 21:03:39 UTC 

*** This bug has been marked as a duplicate of 111492 ***
Comment 3 Red Hat Bugzilla 2006-02-21 19:00:26 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.