Re: 9.0_BETA suffers from lib/53675 (ldaps won't work)

To: netbsd-users%netbsd.org@localhost
Subject: Re: 9.0_BETA suffers from lib/53675 (ldaps won't work)
From: christos%astron.com@localhost (Christos Zoulas)
Date: Thu, 8 Aug 2019 14:00:57 -0000 (UTC)

In article <xon8ss7jrf7.fsf%anduin.eldar.org@localhost>,
Brad Spencer  <brad%anduin.eldar.org@localhost> wrote:
>
>I compiled up 9.0_BETA and upgraded a 8.x DOMU.  I found that 9.0_BETA
>suffers from the bug I wrote about in lib/53675.  Basically, ldaps won't
>work.  In particular, it appears that the client code is broken as
>ldapsearch will refuse to work against an openldap server and against a
>389DS server if you try using SSL/TLS (ldaps).  I had a slightly older
>-current around with libcrypto.so.13 on it and it works fine, but
>anything with libcrypto.so.14 does not work, although the problem could
>be in the libldap library.  The upgraded DOMU did not have its packages
>updated, so those were still from the 8.x era.  A ldapsearch from pkgsrc
>of the 8.x era also worked, but it uses an older libcrypto and its own
>libldap.
>
>I won't have much time to fiddle with this problem any more right now,
>but can offer up test systems if anyone would like to help fix this.
>
>Right now, -current and 9.0_BETA are probably broken with respect to
>client use of ldaps from the base system (this includes pam_ldap and
>nss_ldap).

I just imported the latest one on HEAD. Please let me know if it fixes
your problem.

Thanks,

christos

Follow-Ups:
- Re: 9.0_BETA suffers from lib/53675 (ldaps won't work)
  - From: Brad Spencer

References:
- 9.0_BETA suffers from lib/53675 (ldaps won't work)
  - From: Brad Spencer

Prev by Date: 9.0_BETA suffers from lib/53675 (ldaps won't work)
Next by Date: State of ZFS in 9.0_BETA
Previous by Thread: 9.0_BETA suffers from lib/53675 (ldaps won't work)
Next by Thread: Re: 9.0_BETA suffers from lib/53675 (ldaps won't work)
Indexes:

Home | Main Index | Thread Index | Old Index