Date: Fri, 6 Jan 2006 15:43:42 -0600 (CST) From: Philip Kizer <pckizer@nostrum.com> To: FreeBSD-gnats-submit@FreeBSD.org Cc: vsevolod@FreeBSD.org Subject: ports/91422: openldap23 ports (2.3.11) fail to do SSL/TLS Message-ID: <200601062143.k06LhgaL003979@shaman.nostrum.com> Resent-Message-ID: <200601062150.k06Lo2lR021824@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 91422 >Category: ports >Synopsis: openldap23 ports (2.3.11) fail to do SSL/TLS >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Jan 06 21:50:01 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Philip Kizer >Release: FreeBSD 6.0-STABLE i386 >Organization: n/a >Environment: System: FreeBSD shaman.nostrum.com 6.0-STABLE FreeBSD 6.0-STABLE #1: Sun Nov 27 02:09:37 CST 2005 root@shaman:/usr/obj/usr/src/sys/CUSTOM i386 >Description: openldap23-sasl-client is using OpenLDAP 2.3.11 that has a bug in TLS/SSL handling. This was checked against up-to-date RELENG_5 and RELENG_6. >How-To-Repeat: sh% ldap_flags="-h operator.tamu.edu -LLL -b dc=tamu,dc=edu -x" sh# ldapsearch -V 2>&1 | grep ldapsearch: ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.11 (Dec 1 2005 20:51:50) $ sh% ldapsearch $ldap_flags sn=noone sh% ldapsearch $ldap_flags -Z sn=noone ldap_start_tls: Connect error (-11) ldap_result: Can't contact LDAP server (-1) >Fix: Apply a patch to the openldap23-server port to bring it up the the current release from openldap.org (2.3.15) corrects the problem: sh# ldap_flags="-h operator.tamu.edu -LLL -b dc=tamu,dc=edu -x" sh# ldapsearch -V 2>&1 | grep ldapsearch: ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.15 (Jan 6 2006 15:05:06) $ sh# ldapsearch $ldap_flags sn=noone sh# ldapsearch $ldap_flags -Z sn=noone The trivial changes I used are as follows (I was able to build, install, and package and verify it works; but, I have not had a chance to test any other dependent ports): % diff -ru ../openldap23-server-old . diff -ru ../openldap23-server-old/Makefile ./Makefile --- ../openldap23-server-old/Makefile Tue Nov 15 00:50:32 2005 +++ ./Makefile Fri Jan 6 15:34:23 2006 @@ -6,7 +6,7 @@ # PORTNAME= openldap -DISTVERSION= 2.3.11 +DISTVERSION= 2.3.15 PORTREVISION= ${OPENLDAP_PORTREVISION} CATEGORIES= net databases MASTER_SITES= ftp://ftp.OpenLDAP.org/pub/OpenLDAP/%SUBDIR%/ \ @@ -87,10 +87,10 @@ OPENLDAP_PKGFILESUFX= .if defined(WITH_SASL) && !defined(WITHOUT_SASL) -RUN_DEPENDS= ${LOCALBASE}/lib/libldap-2.3.so.1:${PORTSDIR}/net/openldap23-sasl-client +RUN_DEPENDS= ${LOCALBASE}/lib/libldap-2.3.so.2:${PORTSDIR}/net/openldap23-sasl-client CONFLICTS= ${PKGNAMEPREFIX}${PORTNAME}-client-2.* .else -RUN_DEPENDS= ${LOCALBASE}/lib/libldap-2.3.so.1:${PORTSDIR}/net/openldap23-client +RUN_DEPENDS= ${LOCALBASE}/lib/libldap-2.3.so.2:${PORTSDIR}/net/openldap23-client CONFLICTS= ${PKGNAMEPREFIX}${PORTNAME}-sasl-client-2.* .endif diff -ru ../openldap23-server-old/distinfo ./distinfo --- ../openldap23-server-old/distinfo Wed Oct 19 08:08:10 2005 +++ ./distinfo Fri Jan 6 15:34:12 2006 @@ -1,2 +1,2 @@ -MD5 (openldap-2.3.11.tgz) = fbde128a8421b8d2ea587a25057a281e -SIZE (openldap-2.3.11.tgz) = 3657646 +MD5 (openldap-2.3.15.tgz) = 5553c4238c3f7ed114c89aa141e8fdc7 +SIZE (openldap-2.3.15.tgz) = 3714895 diff -ru ../openldap23-server-old/pkg-plist ./pkg-plist --- ../openldap23-server-old/pkg-plist Thu Sep 15 06:47:23 2005 +++ ./pkg-plist Fri Jan 6 15:02:59 2006 @@ -11,38 +11,38 @@ %%SLAPI%%lib/libslapi.a %%SLAPI%%lib/libslapi.so %%SLAPI%%lib/libslapi-2.3.so -%%SLAPI%%lib/libslapi-2.3.so.1 +%%SLAPI%%lib/libslapi-2.3.so.2 %%MODULES%%@exec mkdir -p %D/libexec/openldap %%BACK_BDB%%libexec/openldap/back_bdb.so %%BACK_BDB%%libexec/openldap/back_bdb-2.3.so -%%BACK_BDB%%libexec/openldap/back_bdb-2.3.so.1 +%%BACK_BDB%%libexec/openldap/back_bdb-2.3.so.2 %%BACK_HDB%%libexec/openldap/back_hdb.so %%BACK_HDB%%libexec/openldap/back_hdb-2.3.so -%%BACK_HDB%%libexec/openldap/back_hdb-2.3.so.1 +%%BACK_HDB%%libexec/openldap/back_hdb-2.3.so.2 %%BACKEND%%libexec/openldap/back_ldap.so %%BACKEND%%libexec/openldap/back_ldap-2.3.so -%%BACKEND%%libexec/openldap/back_ldap-2.3.so.1 +%%BACKEND%%libexec/openldap/back_ldap-2.3.so.2 %%BACKEND%%libexec/openldap/back_ldbm.so %%BACKEND%%libexec/openldap/back_ldbm-2.3.so -%%BACKEND%%libexec/openldap/back_ldbm-2.3.so.1 +%%BACKEND%%libexec/openldap/back_ldbm-2.3.so.2 %%BACKEND%%libexec/openldap/back_meta.so %%BACKEND%%libexec/openldap/back_meta-2.3.so -%%BACKEND%%libexec/openldap/back_meta-2.3.so.1 +%%BACKEND%%libexec/openldap/back_meta-2.3.so.2 %%BACKEND%%libexec/openldap/back_monitor.so %%BACKEND%%libexec/openldap/back_monitor-2.3.so -%%BACKEND%%libexec/openldap/back_monitor-2.3.so.1 +%%BACKEND%%libexec/openldap/back_monitor-2.3.so.2 %%BACKEND%%libexec/openldap/back_null.so %%BACKEND%%libexec/openldap/back_null-2.3.so -%%BACKEND%%libexec/openldap/back_null-2.3.so.1 +%%BACKEND%%libexec/openldap/back_null-2.3.so.2 %%BACK_PERL%%libexec/openldap/back_perl.so %%BACK_PERL%%libexec/openldap/back_perl-2.3.so -%%BACK_PERL%%libexec/openldap/back_perl-2.3.so.1 +%%BACK_PERL%%libexec/openldap/back_perl-2.3.so.2 %%BACK_SHELL%%libexec/openldap/back_shell.so %%BACK_SHELL%%libexec/openldap/back_shell-2.3.so -%%BACK_SHELL%%libexec/openldap/back_shell-2.3.so.1 +%%BACK_SHELL%%libexec/openldap/back_shell-2.3.so.2 %%BACK_SQL%%libexec/openldap/back_sql.so %%BACK_SQL%%libexec/openldap/back_sql-2.3.so -%%BACK_SQL%%libexec/openldap/back_sql-2.3.so.1 +%%BACK_SQL%%libexec/openldap/back_sql-2.3.so.2 libexec/slapd libexec/slurpd @unexec rmdir %D/libexec/openldap 2>/dev/null || true diff -ru ../openldap23-server-old/pkg-plist.client ./pkg-plist.client --- ../openldap23-server-old/pkg-plist.client Thu Sep 15 06:47:23 2005 +++ ./pkg-plist.client Fri Jan 6 15:03:04 2006 @@ -22,15 +22,15 @@ lib/liblber.a lib/liblber.so lib/liblber-2.3.so -lib/liblber-2.3.so.1 +lib/liblber-2.3.so.2 lib/libldap.a lib/libldap.so lib/libldap-2.3.so -lib/libldap-2.3.so.1 +lib/libldap-2.3.so.2 lib/libldap_r.a lib/libldap_r.so lib/libldap_r-2.3.so -lib/libldap_r-2.3.so.1 +lib/libldap_r-2.3.so.2 @comment share/openldap/ucdata/case.dat @comment share/openldap/ucdata/cmbcl.dat @comment share/openldap/ucdata/comp.dat >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601062143.k06LhgaL003979>