Date:      Fri, 6 Jan 2006 15:43:42 -0600 (CST)
From:      Philip Kizer <pckizer@nostrum.com>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        vsevolod@FreeBSD.org
Subject:   ports/91422: openldap23 ports (2.3.11) fail to do SSL/TLS
Message-ID:  <200601062143.k06LhgaL003979@shaman.nostrum.com>
Resent-Message-ID: <200601062150.k06Lo2lR021824@freefall.freebsd.org>


>Number:         91422
>Category:       ports
>Synopsis:       openldap23 ports (2.3.11) fail to do SSL/TLS
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 06 21:50:01 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Philip Kizer
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
n/a
>Environment:
System: FreeBSD shaman.nostrum.com 6.0-STABLE FreeBSD 6.0-STABLE #1: Sun Nov 27 02:09:37 CST 2005 root@shaman:/usr/obj/usr/src/sys/CUSTOM i386



>Description:

openldap23-sasl-client is using OpenLDAP 2.3.11 that has a bug in TLS/SSL handling.
This was checked against up-to-date RELENG_5 and RELENG_6.


>How-To-Repeat:

sh% ldap_flags="-h operator.tamu.edu -LLL -b dc=tamu,dc=edu -x"

sh# ldapsearch -V 2>&1 | grep ldapsearch:
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.11 (Dec  1 2005 20:51:50) $

sh% ldapsearch $ldap_flags sn=noone

sh% ldapsearch $ldap_flags -Z sn=noone
ldap_start_tls: Connect error (-11)
ldap_result: Can't contact LDAP server (-1)



>Fix:

Applying a patch to the openldap23-server port to bring it up to the current release from openldap.org (2.3.15) corrects the problem:

sh# ldap_flags="-h operator.tamu.edu -LLL -b dc=tamu,dc=edu -x"

sh# ldapsearch -V 2>&1 | grep ldapsearch:
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.15 (Jan  6 2006 15:05:06) $

sh# ldapsearch $ldap_flags sn=noone

sh# ldapsearch $ldap_flags -Z sn=noone

The trivial changes I used are as follows (I was able to build, install, and package and verify it works; but, I have not had a chance to
test any other dependent ports):

% diff -ru ../openldap23-server-old .
diff -ru ../openldap23-server-old/Makefile ./Makefile
--- ../openldap23-server-old/Makefile	Tue Nov 15 00:50:32 2005
+++ ./Makefile	Fri Jan  6 15:34:23 2006
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=		openldap
-DISTVERSION=		2.3.11
+DISTVERSION=		2.3.15
 PORTREVISION=		${OPENLDAP_PORTREVISION}
 CATEGORIES=		net databases
 MASTER_SITES=		ftp://ftp.OpenLDAP.org/pub/OpenLDAP/%SUBDIR%/ \
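Review bot: PORTREVISION on the line after the changed DISTVERSION is taken from ${OPENLDAP_PORTREVISION}, and that variable's definition is outside this hunk, so the diff does not show whether it is reset for 2.3.15. If it still carries a non-zero value from 2.3.11, the package version will come out with a stale revision suffix; please confirm it is reset to 0 as part of the version bump.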
@@ -87,10 +87,10 @@
 OPENLDAP_PKGFILESUFX=
 
 .if defined(WITH_SASL) && !defined(WITHOUT_SASL)
-RUN_DEPENDS=		${LOCALBASE}/lib/libldap-2.3.so.1:${PORTSDIR}/net/openldap23-sasl-client
+RUN_DEPENDS=		${LOCALBASE}/lib/libldap-2.3.so.2:${PORTSDIR}/net/openldap23-sasl-client
 CONFLICTS=		${PKGNAMEPREFIX}${PORTNAME}-client-2.*
 .else
-RUN_DEPENDS=		${LOCALBASE}/lib/libldap-2.3.so.1:${PORTSDIR}/net/openldap23-client
+RUN_DEPENDS=		${LOCALBASE}/lib/libldap-2.3.so.2:${PORTSDIR}/net/openldap23-client
 CONFLICTS=		${PKGNAMEPREFIX}${PORTNAME}-sasl-client-2.*
 .endif
 
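Review bot: both RUN_DEPENDS lines now test for libldap-2.3.so.2, so the shared-library number changes for every consumer of the client libraries, not only for this port. Any other port whose dependency line names libldap-2.3.so.1 will stop resolving once the client port installs .so.2, and the submission says dependent ports were not tested. Search the ports tree for references to the old file name and update them, with a PORTREVISION bump, in the same change.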
diff -ru ../openldap23-server-old/distinfo ./distinfo
--- ../openldap23-server-old/distinfo	Wed Oct 19 08:08:10 2005
+++ ./distinfo	Fri Jan  6 15:34:12 2006
@@ -1,2 +1,2 @@
-MD5 (openldap-2.3.11.tgz) = fbde128a8421b8d2ea587a25057a281e
-SIZE (openldap-2.3.11.tgz) = 3657646
+MD5 (openldap-2.3.15.tgz) = 5553c4238c3f7ed114c89aa141e8fdc7
+SIZE (openldap-2.3.15.tgz) = 3714895
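Review bot: the new distinfo entry carries only MD5 and SIZE for openldap-2.3.15.tgz, and MASTER_SITES in the Makefile fetches over ftp://, so MD5 is the only integrity check on the tarball. Compare the value against a checksum or signature published by openldap.org before committing, and add a SHA256 line if the ports framework in this tree generates one.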
diff -ru ../openldap23-server-old/pkg-plist ./pkg-plist
--- ../openldap23-server-old/pkg-plist	Thu Sep 15 06:47:23 2005
+++ ./pkg-plist	Fri Jan  6 15:02:59 2006
@@ -11,38 +11,38 @@
 %%SLAPI%%lib/libslapi.a
 %%SLAPI%%lib/libslapi.so
 %%SLAPI%%lib/libslapi-2.3.so
-%%SLAPI%%lib/libslapi-2.3.so.1
+%%SLAPI%%lib/libslapi-2.3.so.2
 %%MODULES%%@exec mkdir -p %D/libexec/openldap
 %%BACK_BDB%%libexec/openldap/back_bdb.so
 %%BACK_BDB%%libexec/openldap/back_bdb-2.3.so
-%%BACK_BDB%%libexec/openldap/back_bdb-2.3.so.1
+%%BACK_BDB%%libexec/openldap/back_bdb-2.3.so.2
 %%BACK_HDB%%libexec/openldap/back_hdb.so
 %%BACK_HDB%%libexec/openldap/back_hdb-2.3.so
-%%BACK_HDB%%libexec/openldap/back_hdb-2.3.so.1
+%%BACK_HDB%%libexec/openldap/back_hdb-2.3.so.2
 %%BACKEND%%libexec/openldap/back_ldap.so
 %%BACKEND%%libexec/openldap/back_ldap-2.3.so
-%%BACKEND%%libexec/openldap/back_ldap-2.3.so.1
+%%BACKEND%%libexec/openldap/back_ldap-2.3.so.2
 %%BACKEND%%libexec/openldap/back_ldbm.so
 %%BACKEND%%libexec/openldap/back_ldbm-2.3.so
-%%BACKEND%%libexec/openldap/back_ldbm-2.3.so.1
+%%BACKEND%%libexec/openldap/back_ldbm-2.3.so.2
 %%BACKEND%%libexec/openldap/back_meta.so
 %%BACKEND%%libexec/openldap/back_meta-2.3.so
-%%BACKEND%%libexec/openldap/back_meta-2.3.so.1
+%%BACKEND%%libexec/openldap/back_meta-2.3.so.2
 %%BACKEND%%libexec/openldap/back_monitor.so
 %%BACKEND%%libexec/openldap/back_monitor-2.3.so
-%%BACKEND%%libexec/openldap/back_monitor-2.3.so.1
+%%BACKEND%%libexec/openldap/back_monitor-2.3.so.2
 %%BACKEND%%libexec/openldap/back_null.so
 %%BACKEND%%libexec/openldap/back_null-2.3.so
-%%BACKEND%%libexec/openldap/back_null-2.3.so.1
+%%BACKEND%%libexec/openldap/back_null-2.3.so.2
 %%BACK_PERL%%libexec/openldap/back_perl.so
 %%BACK_PERL%%libexec/openldap/back_perl-2.3.so
-%%BACK_PERL%%libexec/openldap/back_perl-2.3.so.1
+%%BACK_PERL%%libexec/openldap/back_perl-2.3.so.2
 %%BACK_SHELL%%libexec/openldap/back_shell.so
 %%BACK_SHELL%%libexec/openldap/back_shell-2.3.so
-%%BACK_SHELL%%libexec/openldap/back_shell-2.3.so.1
+%%BACK_SHELL%%libexec/openldap/back_shell-2.3.so.2
 %%BACK_SQL%%libexec/openldap/back_sql.so
 %%BACK_SQL%%libexec/openldap/back_sql-2.3.so
-%%BACK_SQL%%libexec/openldap/back_sql-2.3.so.1
+%%BACK_SQL%%libexec/openldap/back_sql-2.3.so.2
 libexec/slapd
 libexec/slurpd
 @unexec rmdir %D/libexec/openldap 2>/dev/null || true
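Review bot: the library number is hard-coded on each of the eleven changed lines (libslapi and every back_* module), so the next upstream bump needs the same eleven edits, and one missed line leaves a wrong file name in the package list. Consider a single PLIST_SUB substitution set once in the Makefile, for example a placeholder such as %%SHLIB_MAJOR%% (name hypothetical), so that each entry reads like libexec/openldap/back_bdb-2.3.so.%%SHLIB_MAJOR%%.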
diff -ru ../openldap23-server-old/pkg-plist.client ./pkg-plist.client
--- ../openldap23-server-old/pkg-plist.client	Thu Sep 15 06:47:23 2005
+++ ./pkg-plist.client	Fri Jan  6 15:03:04 2006
@@ -22,15 +22,15 @@
 lib/liblber.a
 lib/liblber.so
 lib/liblber-2.3.so
-lib/liblber-2.3.so.1
+lib/liblber-2.3.so.2
 lib/libldap.a
 lib/libldap.so
 lib/libldap-2.3.so
-lib/libldap-2.3.so.1
+lib/libldap-2.3.so.2
 lib/libldap_r.a
 lib/libldap_r.so
 lib/libldap_r-2.3.so
-lib/libldap_r-2.3.so.1
+lib/libldap_r-2.3.so.2
 @comment share/openldap/ucdata/case.dat
 @comment share/openldap/ucdata/cmbcl.dat
 @comment share/openldap/ucdata/comp.dat
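Review bot: with liblber-2.3.so.1, libldap-2.3.so.1 and libldap_r-2.3.so.1 dropped from the client package list, programs already built against those files will fail to load after the upgrade until they are rebuilt. The change should come with a note for users (an UPDATING entry, for instance) saying that installed consumers of the client libraries need rebuilding.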
>Release-Note:
>Audit-Trail:
>Unformatted:


