Description of problem: slapd segfaults when PEM certificate is used and olcTLSCertificateKeyFile is not set Version-Release number of selected component (if applicable): openldap-2.4.26-5.fc16.x86_64, upstream git master Steps to Reproduce: # ldapmodify -H ldapi:// -Y external dn: cn=config changetype: modify replace: olcTLSCertificateKeyFile # systemctl slapd stop # slapd -u ldap -d1 $ ldapsearch -x -ZZ -H ldap://server Actual results: TLS: loaded CA certificate file /etc/pki/tls/certs/ca-bundle.crt. TLS: error: could not find the private key for certificate PEM Token #0:slapd.pem - 0 - error -12285:Unable to find the certificate or key necessary for authentication. TLS: error: unable to find and verify server's cert and key for certificate PEM Token #0:slapd.pem - 0 Segmentation fault Expected results: server will not crash Additional info:
Created attachment 551797 [details] proposed patch (against git master) Crashes due to randomly initialized *serverKey pointer, which is untouched in tlsm_find_and_verify_cert_key and then tried to be freed with SECKEY_DestroyPrivateKey
Not critical, changing version to "rawhide".
Thank you for the review, Rich. Patch submitted upstream: http://www.openldap.org/its/index.cgi?findid=7135
Fixed in: openldap-2.4.26-6.fc16 openldap-2.4.28-3.fc17
openldap-2.4.26-6.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/openldap-2.4.26-6.fc16
Package openldap-2.4.26-6.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openldap-2.4.26-6.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-1135/openldap-2.4.26-6.fc16 then log in and leave karma (feedback).
openldap-2.4.26-6.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.