From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030922

Description of problem:
Applications using OpenSSL libraries crash when handling certs with Subject Alternative Name fields.

subjectAltName fields (as OpenSSL refers to them) allow you to define aliases for the server's hostname in addition to the main hostname specified in the CN field of the cert. We use this on our LDAP server certificates. The CN field has the FQDN of the server and then we have subjectAltName entries like 'ldap.ee.washington.edu' (all servers) and 'ldap1.ee.washington.edu'. The servers are behind a load balancer, so the 'ldap.ee.washington.edu' allows clients to hit any server and have the hostname match.

When we turn SSL on in an application that uses LDAP the application segfaults. If we switch the server to an SSL certificate without the subjectAltName fields it works. We see this behavior with the OpenLDAP command line tools (ldapsearch), nss_ldap and a Samba server configured for LDAP.

Version-Release number of selected component (if applicable):
openssl-0.9.7a-24

How reproducible:
Always

Steps to Reproduce:
% ldapsearch -x -ZZ -h ldap.ee.washington.edu uid=temp1
Segmentation fault
% ldapsearch -x -h ldap.ee.washington.edu uid=temp1
<Normal output>

Additional info:
I believe this is the same problem described in bug 85728, which was filed against Red Hat 9. That bug report contains a patch submitted by a user.
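Added example, not part of the original report and not OpenLDAP or OpenSSL code: how a client that follows RFC 2818 section 3.1 matches the requested hostname against a certificate laid out as the report describes (a CN plus subjectAltName aliases). The dict mirrors the shape returned by Python's ssl.SSLSocket.getpeercert(); the CN value server-a.example.edu is a constructed placeholder and the function names are hypothetical.

```python
# Added example: hostname check over a dict shaped like ssl.SSLSocket.getpeercert().
# Assumes RFC 2818 section 3.1: dNSName SAN entries, when present, replace the CN.

def _name_match(pattern, host):
    """Compare one presented name with the requested host, case-insensitively."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard is honoured only as the whole left-most label of a 3+ label name.
    if p[0] == "*" and len(p) > 2 and h[0]:
        return p[1:] == h[1:]
    return p == h


def presented_names(cert):
    """Return (source, names): SAN dNSName entries if any, else the subject CN."""
    dns = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if dns:
        return "subjectAltName", dns
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return "commonName", cns[-1:]  # most specific CN only


def hostname_matches(cert, host):
    """True if host matches any name the certificate presents."""
    _, names = presented_names(cert)
    return any(_name_match(n, host) for n in names)


# Constructed certificates. The SAN values come from the report; the CN value
# is a placeholder because the report does not give the server's FQDN.
CERT_WITH_SAN = {
    "subject": ((("commonName", "server-a.example.edu"),),),
    "subjectAltName": (("DNS", "ldap.ee.washington.edu"),
                       ("DNS", "ldap1.ee.washington.edu")),
}
CERT_CN_ONLY = {"subject": ((("commonName", "server-a.example.edu"),),)}

if __name__ == "__main__":
    for host in ("ldap.ee.washington.edu", "LDAP1.ee.washington.edu.",
                 "ldap2.ee.washington.edu", "server-a.example.edu"):
        print(host, hostname_matches(CERT_WITH_SAN, host),
              hostname_matches(CERT_CN_ONLY, host))
```

Under this rule the CN is not consulted once dNSName entries exist, so a client connecting by the server's own FQDN only matches if that name is also listed in subjectAltName.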
After re-reading the older bug report and experimenting with lynx/links and openssl s_client I guess the problem isn't solely with OpenSSL but the OpenSSL/OpenLDAP interface. lynx/links and openssl s_client seem to work fine against our LDAP server, so I guess it is more LDAP specific. As such I'm changing the component in this bug report to openldap.
*** This bug has been marked as a duplicate of 111492 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.