Bug 1999036
| Summary: | Backport TLS SNI feature from OpenLDAP 2.5 | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Christian Heimes <cheimes> |
| Component: | openldap | Assignee: | Simon Pichugin <spichugi> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | urgent | | |
| Version: | 34 | CC: | lance, spichugi, tbordaz, vashirov |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | sync-to-jira | | |
| Fixed In Version: | openldap-2.4.57-6.fc34 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 2009533 2009534 | Environment: | |
| Last Closed: | 2021-10-16 20:43:28 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 2009533, 2009534 | | |
| Attachments: | | | |
Description
Christian Heimes
2021-08-30 09:49:19 UTC
I have tested your scratch build https://koji.fedoraproject.org/koji/taskinfo?taskID=75616846 . Wireshark's command line tool shows that the client library is sending a TLS SNI extension with correct hostname. The unpatched version openldap-2.4.59-3.fc35.x86_64 does not send the TLS SNI extension.

```
# rpm -qa openldap
openldap-2.4.59-3.fc35.x86_64
# LDAPTLS_REQCERT=never ldapsearch -H ldaps://ipa.demo1.freeipa.org -b "" -s base -x > /dev/null
# tshark -Y tls.handshake.type==1 -T fields -e tls.handshake.extensions_server_name -f "port 636"
Running as user "root" and group "root". This could be dangerous.
Capturing on 'eth0'
ipa.demo1.freeipa.org
```

FEDORA-2021-9f40bdf3be has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-9f40bdf3be

FEDORA-2021-9f40bdf3be has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-9f40bdf3be` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9f40bdf3be See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2021-9f40bdf3be has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.