788723 – TLS not working with latest openldap

Bug 788723 - TLS not working with latest openldap

Summary: TLS not working with latest openldap

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	6.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rich Megginson
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	859216
TreeView+	depends on / blocked

Reported:	2012-02-08 22:01 UTC by Rich Megginson
Modified:	2020-09-13 20:06 UTC (History)
CC List:	3 users (show)
Fixed In Version:	389-ds-base-1.2.10.2-1.el6
Doc Type:	Bug Fix
Doc Text:	This is not a bug a customer could run into. This was fixed upstream and we wanted to track it.
Clone Of:
Clones:	859216 (view as bug list)
Environment:
Last Closed:	2012-06-20 07:13:21 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	389ds 389-ds-base issues 281	0	None	None	None	2020-09-13 20:06:21 UTC
Red Hat Product Errata	RHSA-2012:0813	0	normal	SHIPPED_LIVE	Low: 389-ds-base security, bug fix, and enhancement update	2012-06-19 19:29:15 UTC

Description Rich Megginson 2012-02-08 22:01:19 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/281

We are doing TLS configuration incorrectly in the 389 project.  The proper way to do it is to use ldap_set_option(ld,...) to set the TLS options such as certdir, cert, key, etc. first, then use ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &val) last, to tell openldap to create and init a new TLS context with the given configuration.

Comment 3 Jenny Severance 2012-02-14 15:16:17 UTC

Please add steps to verify/reproduce this issue

Comment 5 Rich Megginson 2012-04-16 16:33:34 UTC

(In reply to comment #3)
> Please add steps to verify/reproduce this issue

Just verify no regressions in any acceptance, long duration, etc. test that uses TLS/SSL.

Comment 6 Amita Sharma 2012-05-24 09:13:47 UTC

I dn't see any particular regressions.
Hence marking as VERIFIED.

Comment 7 Rich Megginson 2012-05-24 23:16:05 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
This is not a bug a customer could run into.  This was fixed upstream and we wanted to track it.

Comment 8 errata-xmlrpc 2012-06-20 07:13:21 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0813.html

Note You need to log in before you can comment on or make changes to this bug.