From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021212 Description of problem: Trying to connect to a Netware eDirectory server using ldaps, nss_ldap crasches with a Segmentation Fault. I'm using the following configuration file (/etc/ldap.conf): # The distinguished name of the search base. base o=example uri ldaps://foo.example.com/ binddn cn=admin,o=example bindpw foobar scope sub pam_password nds ssl on tls_checkpeer yes tls_cacertfile /root/TrustedRootCert.pem The following configuration file will also produce the error: uri ldaps://foo.example.com binddn cn=admin,o=example bindpw foobar scope sub ssl on pam_password nds ..so the crasch doesn't seem to be related to the checkpeer option nor the cacertfile option. I'm able to connect to this host without trouble using either stunnel or nss_ldap on a RedHat Linux 8.0 box. Also, I've tried downloading the latest nss_ldap (rel 211) from PADL.com and compiled myself, this also crasches with SegFault on RH9. Debug info from this release: nss_ldap: ==> _nss_ldap_ent_context_init nss_ldap: ==> _nss_ldap_enter nss_ldap: <== _nss_ldap_enter nss_ldap: ==> _nss_ldap_leave nss_ldap: <== _nss_ldap_leave nss_ldap: <== _nss_ldap_ent_context_init nss_ldap: ==> _nss_ldap_getent nss_ldap: ==> _nss_ldap_ent_context_init nss_ldap: ==> _nss_ldap_enter nss_ldap: <== _nss_ldap_enter nss_ldap: ==> _nss_ldap_leave nss_ldap: <== _nss_ldap_leave nss_ldap: <== _nss_ldap_ent_context_init nss_ldap: ==> _nss_ldap_enter nss_ldap: <== _nss_ldap_enter nss_ldap: ==> _nss_ldap_search nss_ldap: ==> do_open nss_ldap: ==> do_close_no_unbind nss_ldap: <== do_close_no_unbind (connection was not open) nss_ldap: ==> ldap_initialize nss_ldap: <== ldap_initialize nss_ldap: ==> do_ssl_options nss_ldap: <== do_ssl_options nss_ldap: ==> do_bind Segmentation fault (core dumped) Since this bug makes it impossible to use transport-layer security, it is a security risk since it will make people transport their passwords in cleartext over the net. Version-Release number of selected component (if applicable): 202-5 How reproducible: Always Steps to Reproduce: Use the configuration file as above in the Descriptions field, and connect to a ldaps:// URI. Additional info:
After discussion on the nssldap mailing list, I found that this bug is a duplicate of bug 85728, so please fix that instead :-). *** This bug has been marked as a duplicate of 85728 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.