openldap-bugs April 2010

openldap-bugs@openldap.org

45 participants
233 discussions

Re: (ITS#6524) gnutls cipher spec is unclear
by matthijs＠cacholong.nl 17 Apr '10

17 Apr '10

On Apr 16, 2010, at 6:01 PM, Howard Chu wrote: > matthijs(a)cacholong.nl wrote: >> Full_Name: Matthijs Mohlmann >> Version: 2.4.21 >> OS: Linux >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (83.163.247.203) >>=20 >>=20 >> Hi, >>=20 >> The manpage about the TLS_CIPHER_SUITE is for gnutls a bit unclear, = only an >> example for OpenSSL is provided. >>=20 >> Peter Marschall wrote a patch for this documentation issue. >=20 > If Peter wants his patch considered for inclusion in OpenLDAP he = should write to the ITS himself, we cannot accept 3rd party = contributions. >=20 >> See also: >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D510346 >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D563113 >>=20 >> Regards, >>=20 >> Matthijs Mohlmann >=20 >=20 > --=20 > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ Hi, What's the reasoning behind this? I'll ask Peter to file this issue in ITS. Regards, Matthijs Mohlmann

1 0

Re: (ITS#4685) Updated changelog overlay by Neil Dunbar
by sebastian＠rieger.info 16 Apr '10

16 Apr '10

This is a cryptographically signed message in MIME format. --------------ms040209080804080304070307 Content-Type: multipart/alternative; boundary="------------020001050102090908040002" This is a multi-part message in MIME format. --------------020001050102090908040002 Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: quoted-printable Hi, it's been a while, but the changelog overlay is still necessary in our=20 environment, so I changed five lines in the code to keep up with the=20 current stable version of OpenLDAP. You can find the patch and the documentation in: ftp://ftp.openldap.org/incoming/rieger-changelog-2.4.21-pkg-100416.tgz <= ftp://ftp.openldap.org/incoming/rieger-changelog-23-pkg-080706.tgz> the patch and the overlay has been tested against OpenLDAP 2.4.21. Sebastian --------------020001050102090908040002 Content-Type: text/html; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv=3D"content-type" content=3D"text/html; charset=3DISO-885= 9-15"> </head> <body bgcolor=3D"#ffffff" text=3D"#000000"> Hi, it's been a while, but the changelog overlay is still necessary in our environment, so I changed five lines in the code to keep up with the current stable version of OpenLDAP. You can find the patch and the documentation in: <pre><a href=3D"ftp://ftp.openldap.org/incoming/rieger-changelog-23-pkg-080706.t= gz">ftp://ftp.openldap.org/incoming/rieger-changelog-2.4.21-pkg-100416.tg= z</a> the patch and the overlay has been tested against OpenLDAP 2.4.21. </pre> Sebastian </body> </html> --------------020001050102090908040002-- --------------ms040209080804080304070307 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIWAjCC BwowggXyoAMCAQICAwCdWDANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCSUwxFjAUBgNV BAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRl IFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlh dGUgQ2xpZW50IENBMB4XDTA5MDkyNjAwMDAwMVoXDTEwMDkyNjIzNTk1OVowcTEeMBwGA1UE ChMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMSkwJwYDVQQDEyBTdGFydENvbSBGcmVlIENlcnRp ZmljYXRlIE1lbWJlcjEkMCIGCSqGSIb3DQEJARYVc2ViYXN0aWFuQHJpZWdlci5pbmZvMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtbXkuAbQ11bUAkNHp59cKjUVBRE0xNY F1wt9Yeb0HqnulERLuDAgSChPh1v2HoCwNtYlSrSbBaL6Hs2zXt/ATrUgkBi0FNuUAGVKubd sQN118tW1jMEaUmSsVO0vaj509jGL+81kkq0raPcqgQqvMwYs1ZShfH/WpkzKGUwvpthZxCG U1sGQPIgR7iiE2J6b9mb71D1QiGs9A2KcBBpTPUAleHz4QPG+x7LUzMuVzpZ51rTXd9T59Fv r3x4tsgLQ7JZgNPwQ1XOaIDdpC2FItDK9nNIvTkeYfo6+Ue456/ZHSCUkFzJNYZteWXux10k T4UKS5+jfv+CTVMeDR8iUQIDAQABo4IDjTCCA4kwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAw HQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBTscNXjgXcy8YBjZv0h XzV2WlkSHTAgBgNVHREEGTAXgRVzZWJhc3RpYW5AcmllZ2VyLmluZm8wgagGA1UdIwSBoDCB nYAUU3Ltkpzg2ssBXHx+ljVO8tS4UYKhgYGkfzB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2ln bmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQ0wggFH BgNVHSAEggE+MIIBOjCCATYGCysGAQQBgbU3AQIBMIIBJTAuBggrBgEFBQcCARYiaHR0cDov L3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5z dGFydHNzbC5jb20vaW50ZXJtZWRpYXRlLnBkZjCBvAYIKwYBBQUHAgIwga8wFBYNU3RhcnRD b20gTHRkLjADAgEBGoGWTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxl Z2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkgUG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3ku cGRmMGMGA1UdHwRcMFowK6ApoCeGJWh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2NydHUxLWNy bC5jcmwwK6ApoCeGJWh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUxLWNybC5jcmwwgY4G CCsGAQUFBwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9z dWIvY2xhc3MxL2NsaWVudC9jYTBCBggrBgEFBQcwAoY2aHR0cDovL3d3dy5zdGFydHNzbC5j b20vY2VydHMvc3ViLmNsYXNzMS5jbGllbnQuY2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUFAAOCAQEARMqy5GWeKJXpUBwrSjtO0gWn XSZyW49x2M2Nne+zG6xXAf6We+gl4dpnktuVc3a8fk9syfjYHdRF5adWC/5E/rpq7SB3jMsA G8BfnOpQXzJlTNPda3YLcE328AtxGBAM+4HZSIBGDLeaLU0V+ZdTq6J+q+Z+vtsWtAe4gyIi w7kDbkJ8Q726Q4jW5AitmC7O/3JV7nZ3i5cboYRK6jduxSH7NRKa2SLqvQel7rfZDeYMzK9o PHXYgwkddPSrwaF/0Wtrkk3sKuswOzyQB6/4S4mkuT8bFuox4puIJwyi2LMQeuXmHN9Vny/9 Roo6FB32sgdjlZbzSTGblhFCaM9n9TCCBwowggXyoAMCAQICAwCdWDANBgkqhkiG9w0BAQUF ADCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNl Y3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENs YXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBMB4XDTA5MDkyNjAwMDAwMVoX DTEwMDkyNjIzNTk1OVowcTEeMBwGA1UEChMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMSkwJwYD VQQDEyBTdGFydENvbSBGcmVlIENlcnRpZmljYXRlIE1lbWJlcjEkMCIGCSqGSIb3DQEJARYV c2ViYXN0aWFuQHJpZWdlci5pbmZvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA wtbXkuAbQ11bUAkNHp59cKjUVBRE0xNYF1wt9Yeb0HqnulERLuDAgSChPh1v2HoCwNtYlSrS bBaL6Hs2zXt/ATrUgkBi0FNuUAGVKubdsQN118tW1jMEaUmSsVO0vaj509jGL+81kkq0raPc qgQqvMwYs1ZShfH/WpkzKGUwvpthZxCGU1sGQPIgR7iiE2J6b9mb71D1QiGs9A2KcBBpTPUA leHz4QPG+x7LUzMuVzpZ51rTXd9T59Fvr3x4tsgLQ7JZgNPwQ1XOaIDdpC2FItDK9nNIvTke Yfo6+Ue456/ZHSCUkFzJNYZteWXux10kT4UKS5+jfv+CTVMeDR8iUQIDAQABo4IDjTCCA4kw CQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME MB0GA1UdDgQWBBTscNXjgXcy8YBjZv0hXzV2WlkSHTAgBgNVHREEGTAXgRVzZWJhc3RpYW5A cmllZ2VyLmluZm8wgagGA1UdIwSBoDCBnYAUU3Ltkpzg2ssBXHx+ljVO8tS4UYKhgYGkfzB9 MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJl IERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlm aWNhdGlvbiBBdXRob3JpdHmCAQ0wggFHBgNVHSAEggE+MIIBOjCCATYGCysGAQQBgbU3AQIB MIIBJTAuBggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0 BggrBgEFBQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRlLnBkZjCB vAYIKwYBBQUHAgIwga8wFBYNU3RhcnRDb20gTHRkLjADAgEBGoGWTGltaXRlZCBMaWFiaWxp dHksIHJlYWQgdGhlIHNlY3Rpb24gKkxlZ2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRD b20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8v d3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMGMGA1UdHwRcMFowK6ApoCeGJWh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tL2NydHUxLWNybC5jcmwwK6ApoCeGJWh0dHA6Ly9jcmwuc3RhcnRz c2wuY29tL2NydHUxLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0 dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MxL2NsaWVudC9jYTBCBggrBgEFBQcw AoY2aHR0cDovL3d3dy5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMS5jbGllbnQuY2Eu Y3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF AAOCAQEARMqy5GWeKJXpUBwrSjtO0gWnXSZyW49x2M2Nne+zG6xXAf6We+gl4dpnktuVc3a8 fk9syfjYHdRF5adWC/5E/rpq7SB3jMsAG8BfnOpQXzJlTNPda3YLcE328AtxGBAM+4HZSIBG DLeaLU0V+ZdTq6J+q+Z+vtsWtAe4gyIiw7kDbkJ8Q726Q4jW5AitmC7O/3JV7nZ3i5cboYRK 6jduxSH7NRKa2SLqvQel7rfZDeYMzK9oPHXYgwkddPSrwaF/0Wtrkk3sKuswOzyQB6/4S4mk uT8bFuox4puIJwyi2LMQeuXmHN9Vny/9Roo6FB32sgdjlZbzSTGblhFCaM9n9TCCB+IwggXK oAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0 Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcx KTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIx MDE1NFoXDTEyMTAyMjIxMDE1NFowgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENv bSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgw NgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBD QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcJg8zOLdgasSmkLhOrlr6KMoOM pohBllVHrdRvEg/q6r8jR+EK75xCGhR8ToREoqe7zM9/UnC6TS2y9UKTpT1v7RSMzR0t6ndl 0TWBuUr/UXBhPk+Kmy7bI4yW4urC+y7P3/1/X7U8ocb8VpH/Clt+4iq7nirMcNh6qJR+xjOh V+VHzQMALuGYn5KZmc1NbJQYclsGkDxDz2UbFqE2+6vIZoL+jb9x4Pa5gNf1TwSDkOkikZB1 xtB4ZqtXThaABSONdfmv/Z1pua3FYxnCFmdr/+N2JLKutIxMYqQOJebr/f/h5t95m4JgrM3Y /w7YX9d7YAL9jvN4SydHsU6n65cCAwEAAaOCA1swggNXMAwGA1UdEwQFMAMBAf8wCwYDVR0P BAQDAgGmMB0GA1UdDgQWBBRTcu2SnODaywFcfH6WNU7y1LhRgjCBqAYDVR0jBIGgMIGdgBRO C+8apEBbpRdphzDKNGhD0EGu8qGBgaR/MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFy dENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5n MSkwJwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBATAJBgNVHRIE AjAAMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3d3dy5zdGFydHNzbC5j b20vc2ZzY2EuY3J0MGAGA1UdHwRZMFcwLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9y Zy9zZnNjYS1jcmwuY3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5j cmwwggFdBgNVHSAEggFUMIIBUDCCAUwGCysGAQQBgbU3AQEEMIIBOzAvBggrBgEFBQcCARYj aHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwNQYIKwYBBQUHAgEWKWh0dHA6 Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9pbnRlcm1lZGlhdGUucGRmMIHQBggrBgEFBQcCAjCBwzAn FiBTdGFydCBDb21tZXJjaWFsIChTdGFydENvbSkgTHRkLjADAgEBGoGXTGltaXRlZCBMaWFi aWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxlZ2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3Rh cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUG9saWN5IGF2YWlsYWJsZSBhdCBodHRw Oi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjARBglghkgBhvhCAQEEBAMCAAcwUAYJ YIZIAYb4QgENBEMWQVN0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgRnJl ZSBTU0wgRW1haWwgQ2VydGlmaWNhdGVzMA0GCSqGSIb3DQEBBQUAA4ICAQCqmuHgW4zOHRv8 HcYsMCCgt5Mm/fECts0RKL8p/8cwz/+B/wXPBRQ04KCUfp19i4tBD91O07IxvgmiIvdPvGJU oQA6ZD635v/Es4xrSbXzOhGpbiToaXKjK9zssyt2mBiT+USHmery0930Gg2bCKKF5emEhUf9 B6VOBSQ3NMLshWmZhWwq406fETWMkVk01+plkr/k62jsLo98663XUqYFBItlqsDPRv+aOCF0 Gxh8e6F07y+s68PSDmDt0DimQ4BTYR3ilIKjAFIi3IP/loXBnvmOLpirsYIbcGmLIA/2y3yH 6KdzQv7uSasAwloswCa7oZmzleCxvOfTBQm9sP2HmOecwz1RpkNzGXa4sHTiq4ZRYzo2IoZp tvFBzrzQ9ht5CtC757oni6o0DHOhrlHGQEDlr/eqVuAX24kF6QKomzDHm9D2SEmuzxRMxogX NsQLlUZDOJAff/oongNQ/zk4kScLH+q5KFYDrDfXwsOdtrczprlX4qg0uGxWL9NLF/3RRsGr B1FH9w7C4aQ0mHXo2++Eio7bqiwyDrgJtmwNWsQOvu5IxXjSJ4ElOjj0jK3vsQI6HP+nKGjB rYRQ/popq/4v/BfMA8Hcs2rO6MZHQrWlvIVYq/JiZ26eAm3JJZQzD5HkOqkDZsUg4Tnql9Y8 sdnE4v7z6vv08sVf7LZXoTGCA9AwggPMAgEBMIGUMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UE ChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUg U2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0 ZSBDbGllbnQgQ0ECAwCdWDAJBgUrDgMCGgUAoIICEDAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN AQcBMBwGCSqGSIb3DQEJBTEPFw0xMDA0MTYxODEzMTFaMCMGCSqGSIb3DQEJBDEWBBSemYdx 261TAGqe6598nsAxx3VvpzBfBgkqhkiG9w0BCQ8xUjBQMAsGCWCGSAFlAwQBAjAKBggqhkiG 9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcN AwICASgwgaUGCSsGAQQBgjcQBDGBlzCBlDCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0 YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25p bmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xp ZW50IENBAgMAnVgwgacGCyqGSIb3DQEJEAILMYGXoIGUMIGMMQswCQYDVQQGEwJJTDEWMBQG A1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNh dGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVk aWF0ZSBDbGllbnQgQ0ECAwCdWDANBgkqhkiG9w0BAQEFAASCAQCzjUvvX7cFLTKWOJkM0N6i LT/0W7gZwWe0lyhQqYhLZdNMf3wOmnbiyQZPtJKUEAZXjfqtF8NWfDeC1ewYmSNCT8UlgCA/ Lx0Dvnn3IxqFheyFNm2W9xiCw8AOJmTSLQFIICbVzR3vEKHeM/oRKXywueFgmr4lqFbG00az 4QMU/J9Og/UffErMKvmwtGz4YAHMDPFCZ0Mh6PTZaUNh/6iuyXIeBlC0b9BpajAQJhUUU3G9 e4l/9se5XcghrP4K1t+UvtSGATPdlVOCAvwmxw694Fp+Dk563gYaAl+swMfP8xbQelu59ZBr oi6dDEtmqsCMNvZRF7ICsLxZlqI95gn8AAAAAAAA --------------ms040209080804080304070307--

1 0

Re: (ITS#6524) gnutls cipher spec is unclear
by hyc＠symas.com 16 Apr '10

16 Apr '10

matthijs(a)cacholong.nl wrote: > Full_Name: Matthijs Mohlmann > Version: 2.4.21 > OS: Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (83.163.247.203) > > > Hi, > > The manpage about the TLS_CIPHER_SUITE is for gnutls a bit unclear, only an > example for OpenSSL is provided. > > Peter Marschall wrote a patch for this documentation issue. If Peter wants his patch considered for inclusion in OpenLDAP he should write to the ITS himself, we cannot accept 3rd party contributions. > See also: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510346 > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563113 > > Regards, > > Matthijs Mohlmann > > Patch: > --- openldap-2.1.21/doc/man/man5/ldap.conf.5 > +++ openldap-2.1.21/doc/man/man5/ldap.conf.5 2010-04-15 08:26:41.000000000 > +0200 > @@ -334,19 +334,37 @@ > .B TLS_CIPHER_SUITE<cipher-suite-spec> > Specifies acceptable cipher suite and preference order. > <cipher-suite-spec> should be a cipher specification for OpenSSL, > -e.g., HIGH:MEDIUM:+SSLv2. > +<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls. > +Example: > +.RS > +.RS > +.TP > +.I OpenSSL: > +TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv2 > +.TP > +.I GNUtls: > +TLS_CIPHER_SUITE SECURE256:!AES-128-CBC > +.RE > > -To check what ciphers a given spec selects, use: > +To check what ciphers a given spec selects in OpenSSL, use: > > .nf > openssl ciphers \-v<cipher-suite-spec> > .fi > > -To obtain the list of ciphers in GNUtls use: > +With GNUtls the available specs can be found in the manual page of > +.BR gnutls\-cli (1) > +(see the description of the > +option > +.BR \-\-priority ). > + > +In older versions of GNUtls, where gnutls\-cli does not support the option > +\-\-priority, you can obtain the \(em more limited \(em list of ciphers by > calling: > > .nf > - gnutls-cli \-l > + gnutls\-cli \-l > .fi > +.RE > .TP > .B TLS_RANDFILE<filename> > Specifies the file to obtain random bits from when /dev/[u]random is > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#6524) gnutls cipher spec is unclear
by matthijs＠cacholong.nl 16 Apr '10

16 Apr '10

Full_Name: Matthijs Mohlmann Version: 2.4.21 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (83.163.247.203) Hi, The manpage about the TLS_CIPHER_SUITE is for gnutls a bit unclear, only an example for OpenSSL is provided. Peter Marschall wrote a patch for this documentation issue. See also: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510346 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563113 Regards, Matthijs Mohlmann Patch: --- openldap-2.1.21/doc/man/man5/ldap.conf.5 +++ openldap-2.1.21/doc/man/man5/ldap.conf.5 2010-04-15 08:26:41.000000000 +0200 @@ -334,19 +334,37 @@ .B TLS_CIPHER_SUITE <cipher-suite-spec> Specifies acceptable cipher suite and preference order. <cipher-suite-spec> should be a cipher specification for OpenSSL, -e.g., HIGH:MEDIUM:+SSLv2. +<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls. +Example: +.RS +.RS +.TP +.I OpenSSL: +TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv2 +.TP +.I GNUtls: +TLS_CIPHER_SUITE SECURE256:!AES-128-CBC +.RE -To check what ciphers a given spec selects, use: +To check what ciphers a given spec selects in OpenSSL, use: .nf openssl ciphers \-v <cipher-suite-spec> .fi -To obtain the list of ciphers in GNUtls use: +With GNUtls the available specs can be found in the manual page of +.BR gnutls\-cli (1) +(see the description of the +option +.BR \-\-priority ). + +In older versions of GNUtls, where gnutls\-cli does not support the option +\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling: .nf - gnutls-cli \-l + gnutls\-cli \-l .fi +.RE .TP .B TLS_RANDFILE <filename> Specifies the file to obtain random bits from when /dev/[u]random is

1 0

Re: (ITS#6515) A lot of dead links on main page of OpenLDAP man.
by Kurt＠OpenLDAP.org 15 Apr '10

15 Apr '10

On Apr 15, 2010, at 5:37 PM, hyc(a)symas.com wrote: > Dzmitry Stremkouski wrote: >> http://www.openldap.org/doc/admin24/schema.html - Contains them, as = well >=20 > I guess the web site is just out of date. I note that update to date for doc/admin24 means "as of the last 2.4 = patch release". -- Kurt=

1 0

Re: (ITS#6515) A lot of dead links on main page of OpenLDAP man.
by hyc＠symas.com 15 Apr '10

15 Apr '10

Dzmitry Stremkouski wrote: > http://www.openldap.org/doc/admin24/schema.html - Contains them, as well I guess the web site is just out of date. The last link in question was fixed by ITS#6493 on 2010-03-18. The IANA link was fixed on 2007-07-07. I don't recall when the bsa link was removed, but it's gone in the 2.4 doc. > On Mon, Apr 12, 2010 at 10:10 PM, Howard Chu <hyc(a)symas.com > <mailto:hyc@symas.com>> wrote: > > mitroko(a)gmail.com <mailto:mitroko@gmail.com> wrote: > > Full_Name: Dmitry Stremkouski > Version: > OS: GNU/Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (95.84.189.132) > > > Hello guys. The part of OpenLDAP Manual (wich can be found here - > http://www.openldap.org/doc/admin23/schema.html) contains a lot of broken > links. > Please correct. > > > The 2.3 release is no longer maintained. This doc will not be updated. > > FE: http://www.alvestrand.no/harald/objectid/ - dead > A: http://www.bsa-global.com/ - dead (doesn't look good enough for > global OID > authority) > A: http://www.iana.org/cgi-bin/enterprise.pl - should be (redirect, > but futher, > IMHO, will be dead, try http://pen.iana.org/pen/PenApplication.page) > > Thanks. > > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ > > > > > -- > <pre> > (o_ - Dzmitry Stremkouski. > //\ - cel: +7 (916) 090-85-68 > V_/_- web: http://mitroko.com > </pre> > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: ITS#6475
by masarati＠aero.polimi.it 15 Apr '10

15 Apr '10

>> Such a behavior allows replays attacks >> within the modification propagation time frame, but it ensures that bind >> are still possible when then master is down. I think it could be >> interesting to have a configuration setting for that. > > We should bring this to -devel, to see whether it makes sense and whether > it would be acceptable. A fix in this sense is in HEAD. Modifications consist in the original patch (well-known SASL mechs exploit the dontUseCopy control to actually lookup and propagate auxprops to the master ("sasl-auxprops-dontusecopy" directive). Another directive ("sasl-auxprops-dontusecopy-ignore") allows to ignore errors and lookup/store auxprops locally. By default it's FALSE for consistency. If set to TRUE, replicas will be misaligned, but service will be possible. Choose what best fits your needs. Both directives are not documented yet, as I consider the whole code highly experimental. Right now, is only built when #define LDAP_DEVEL. Please note that the relatively minor modifications to slapo-chain(5) are not conditioned on #define SLAP_AUXPROP_DONTUSECOPY, because I think they are generally useful, and I've checked they don't break anything (I could check so far). Please report any inconvenience. p.

1 0

Re: (ITS#6469) push replication entryCSN of database suffix out of sync
by rhafer＠suse.de 15 Apr '10

15 Apr '10

Am Donnerstag 15 April 2010 00:53:04 schrieb hyc(a)symas.com: > rhafer(a)suse.de wrote: > > Am Mittwoch 03 Februar 2010 09:39:19 schrieb hyc(a)symas.com: > >> rhafer(a)suse.de wrote: > >>> Am Dienstag 02 Februar 2010 23:30:23 schrieb hyc(a)symas.com: > >>>> But how did the suffix entry get created without an entryCSN in > >>>> the first place? The MOD that updates the contextCSN doesn't > >>>> happen until after the suffix entry already exists. > >>> > >>> It wasn't created without an entryCSN. It always had one. But the > >>> MOD to update the contextCSN (coming from the provider) doesn't > >>> contain one. So bdb_modify() will call slap_mods_opattrs() to add > >>> entryCSN to the MOD operation. The easiest fix is probably to > >>> never touch the opattrs if "updatedn" is doing MODs, though I am > >>> not yet sure if it might break something. Currently my fix (not > >>> committed yet) only skips the slap_mods_opattrs() step if > >>> "updatedn" it is doing a MOD on contextCSN. > >> > >> Ah, got it. Yes, sounds like your fix is fine. > > > > Do you think it's fine to always skip slap_mods_opattrs() if > > "updatedn" is writing? Or should I check for contextCSN MODs > > specifically? > > > >> Historically the updatedn user (e.g. slurpd) has always provided > >> all of the operational attributes in its updates. > > I guess the question is what have we done in the past for updatedn > writes? If we filled in missing opattrs, then we should continue to > do so. So it should be a special case for contextCSN mods. Ok, that's how the current fix work. So I think we are fine here now. -- Ralf

1 0

Re: (ITS#6513) dynacl/aci fails on searches with attributes
by masarati＠aero.polimi.it 14 Apr '10

14 Apr '10

> If you don't mind playing with HEAD code, you could try this patch > > <ftp://ftp.openldap.org/incoming/pierangelo-masarati-2010-04-14-extra-attrs.…> Never mind, I think I already made it incompatible with HEAD code. I'm going to commit this stuff anyway, please stay tuned. p. > You need to add > > extra_attrs OpenLDAPACI > > within the database that contains the offending slapo-rwm instance. > > Please test and report. Thanks, p. > > > >

1 0

Re: (ITS#6513) dynacl/aci fails on searches with attributes
by masarati＠aero.polimi.it 14 Apr '10

14 Apr '10

If you don't mind playing with HEAD code, you could try this patch <ftp://ftp.openldap.org/incoming/pierangelo-masarati-2010-04-14-extra-attrs.…> You need to add extra_attrs OpenLDAPACI within the database that contains the offending slapo-rwm instance. Please test and report. Thanks, p.

1 0

← Newer
1
...
9
10
11
12
13
14
15
...
24
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs April 2010