openldap-bugs February 2022

openldap-bugs@openldap.org

1 participants
109 discussions

[Issue 9731] New: startup messages still go to syslog when logfile-only is on
by openldap-its＠openldap.org 28 Feb '22

28 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=9731 Issue ID: 9731 Summary: startup messages still go to syslog when logfile-only is on Product: OpenLDAP Version: 2.6.0 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- When setting logfile-only on, slapd still logs its startup message to syslog: Oct 29 21:07:47 u18test slapd[18534]: @(#) $OpenLDAP: slapd 2.6.0 (Oct 29 2021 05:12:17) $#012#011openldap This is useful information to have consolidated into the specified logfile. Note that: 617c62a3.16f03fdb 0x7f9325ed67c0 slapd starting does make it to the logfile. However, it would be useful to have the build date and version in the specified logfile. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 6097] MMR problems with deletes
by openldap-its＠openldap.org 28 Feb '22

28 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=6097 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.6.2 |2.7.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8255] slapd-sock: response parsing in str2result() is broken
by openldap-its＠openldap.org 28 Feb '22

28 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8255 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #12 from Quanah Gibson-Mount <quanah(a)openldap.org> --- RE26: • 59605f9f by Ondřej Kuzník at 2022-02-28T17:36:11+00:00 ITS#8255 Clarify "sockresps result" behaviour -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8255] slapd-sock: response parsing in str2result() is broken
by openldap-its＠openldap.org 28 Feb '22

28 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8255 --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: 73e882c8 by Ondřej Kuzník at 2022-02-24T15:32:36+00:00 ITS#8255 Clarify "sockresps result" behaviour -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 21 Feb '22

21 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8753 --- Comment #14 from Ondřej Kuzník <ondra(a)mistotebe.net> --- On Mon, Feb 21, 2022 at 10:46:12AM +0000, openldap-its(a)openldap.org wrote: > => The correct values for hashalgo should be described in the man-page. Since this depends entirely on the crypto library at runtime, not sure how we could do any better than saying "it depends", which is what I did in that linked commit, now at https://git.openldap.org/openldap/openldap/-/merge_requests/499 Can you suggest an alternate wording you think explains it better? Thanks, -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 21 Feb '22

21 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8753 --- Comment #13 from Michael Ströder <michael(a)stroeder.com> --- On 2/21/22 11:40, openldap-its(a)openldap.org wrote: > See the (commented) lines in the test: > https://code.stroeder.com/pymod/python-ldap0/src/branch/main/tests/test_lda… Ok, I've looked into the tests for TLS_PEERKEY_HASHALG to make it work. => The correct values for hashalgo should be described in the man-page. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 21 Feb '22

21 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8753 --- Comment #12 from Michael Ströder <michael(a)stroeder.com> --- (In reply to Ondřej Kuzník from comment #11) > It should be analogous to HTTP Public Key Pinning, that's why it's > working with keys, not certificates. Ah, ok. For python-ldap0 tests I've used for generation the SHA-256 hash: openssl rsa -in tests/tls/localhost.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64 But it does not work (with libldap 2.6.1): ldap0.CONNECT_ERROR: {'result': -11, 'desc': b'Connect error', 'ctrls': [], 'info': b'error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain)'} See the (commented) lines in the test: https://code.stroeder.com/pymod/python-ldap0/src/branch/main/tests/test_lda… Assuming I got this right: https://code.stroeder.com/pymod/python-ldap0/commit/1ec4ad7ada7388835d5df8c… -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 21 Feb '22

21 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8753 --- Comment #11 from Ondřej Kuzník <ondra(a)mistotebe.net> --- How about https://git.openldap.org/ondra/openldap/-/commit/e020f3ba26fd6d42ce0f91299b… It should be analogous to HTTP Public Key Pinning, that's why it's working with keys, not certificates. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 19 Feb '22

19 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8753 --- Comment #10 from Michael Ströder <michael(a)stroeder.com> --- Is the key hash calculated over the raw public key? In which representation? Why not use the TLS server cert's finger-print? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 19 Feb '22

19 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8753 --- Comment #9 from Michael Ströder <michael(a)stroeder.com> --- (In reply to Michael Ströder from comment #8) > What are valid values or is the format of the <hashalg> field? It seems crypto(7) should be referenced by ldap_set_option(3) in case of OpenSSL? https://www.openssl.org/docs/manmaster/man7/crypto.html -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs February 2022