+++ This bug was initially created as a clone of Bug #137581 +++

Description of problem:
It should be possible to issue ldap_start_tls_s() against an OpenLDAP server that is not configured for TLS and simply have TLS not be negotiated. Unfortunately, this is not the case: the connection to the LDAP server becomes unusable. You can test this quite easily with ldapsearch:

Version-Release number of selected component (if applicable):
openldap-2.2.23-5

How reproducible:
Always

Steps to Reproduce:
1. Install openldap and make sure that the TLS lines are commented out in /etc/openldap/slapd.conf
2. Start the ldap server
3. Run, for example, "ldapsearch -Zxh localhost objectclass=*"

Actual Results:
Instead of getting something, anything, back from the LDAP server you get an error like this:

ldap_start_tls: Connect error
        additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
ldap_bind: Can't contact LDAP server
        additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Expected Results:
An indication that TLS cannot be negotiated, and then carry on without TLS. The "-ZZ" option for ldapsearch requires that TLS is negotiated.
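
Added example, not part of the original report and not OpenLDAP code: the StartTLS request a client sends, the ExtendedResponse it gets back, and how the "-Z" and "-ZZ" behaviours described above differ once the server has answered. Message layout and result codes are from RFC 4511; next_step, sample_response and the diagnostic text are hypothetical names and constructed input.

```python
# Added example, not OpenLDAP code. BER tags and result codes follow RFC 4511.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"
SUCCESS, PROTOCOL_ERROR, UNAVAILABLE = 0, 2, 52

def tlv(tag, body):
    """Encode one BER element; bodies here are always shorter than 256 bytes."""
    n = len(body)
    assert n < 256
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

def read_tlv(buf, pos=0):
    """Decode the BER element at pos; return (tag, body, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits count the length bytes
        nlen = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nlen], "big")
        pos += nlen
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def starttls_request(msgid):
    """LDAPMessage carrying ExtendedRequest [APPLICATION 23] with requestName [0]."""
    return tlv(0x30, tlv(0x02, bytes([msgid])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def parse_extended_response(pdu):
    """Return (msgid, resultCode, diagnosticMessage) of an ExtendedResponse."""
    tag, msg, _ = read_tlv(pdu)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg)
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:                        # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    _, code, pos = read_tlv(op)            # resultCode ENUMERATED
    _, _, pos = read_tlv(op, pos)          # matchedDN
    _, diag, _ = read_tlv(op, pos)         # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode()

def next_step(result_code, require_tls):
    """require_tls=False models ldapsearch -Z, True models -ZZ (hypothetical helper)."""
    if result_code == SUCCESS:
        return "tls-handshake"             # server agreed; handshake follows on this connection
    return "abort" if require_tls else "continue-without-tls"

def sample_response(msgid, code, diag):
    """Constructed server reply used as sample input (not captured traffic)."""
    result = tlv(0x0A, bytes([code])) + tlv(0x04, b"") + tlv(0x04, diag.encode())
    return tlv(0x30, tlv(0x02, bytes([msgid])) + tlv(0x78, result))
```

With "-Z" semantics a refusal means the simple bind that follows ("-x") travels unencrypted, which is the case "-ZZ" exists to prevent.
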
*** Bug 164413 has been marked as a duplicate of this bug. ***
This report targets the FC3 or FC4 products, which have now been EOL'd. Could you please check that it still applies to a current Fedora release, and either update the target product or close it? Thanks.
This works fine on FC7 (openldap-2.3.34-0.fc7).