Could you send me the output of running
openssl version -a
on your system? Thanks
________________________________
From: Howard Chu <hyc@symas.com>
Sent: Wednesday, April 24, 2019 10:04 AM
To: Siddharth Jain; openldap-its@OpenLDAP.org
Subject: Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client

Siddharth Jain wrote:
> Wow! Thanks for responding so fast. This could be a bug in docker-openldap then. we have repro'ed this in two different environments - mac and ubuntu. Do you
> have a recommendation for docker image for openldap?

As I said before, OpenLDAP doesn't touch the certificate files, it merely tells the TLS
library where they are. You most likely have a broken TLS library.
------------------------------------------------------------------------
> *From:* Howard Chu <hyc@symas.com>
> *Sent:* Wednesday, April 24, 2019 9:42 AM
> *To:* Siddharth Jain; openldap-its@OpenLDAP.org
> *Subject:* Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client
>
> Siddharth Jain wrote:
>> we have documented complete steps to repro the bug here <https://github.com/siddjain/openldap-bug> with container logs.
>
> I see no error here.
>
> Using your cert/key files:
>
> There is no OpenLDAP bug here. Your server environment is broken.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
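
[Added example, not part of the original thread and not OpenLDAP code: one way to check the claim under dispute, by comparing the certificate in the configured file with the certificate the listener actually presents. All function names and the sample bytes are hypothetical, and it assumes an ldaps:// listener (StartTLS on the plain LDAP port is not handled).]

```python
import hashlib
import re
import socket
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding of a certificate."""
    return hashlib.sha256(der).hexdigest()

def file_fingerprints(pem_text: str) -> list:
    """Fingerprint of every certificate in a PEM file, in file order."""
    return [fingerprint(ssl.PEM_cert_to_DER_cert(block))
            for block in PEM_BLOCK.findall(pem_text)]

def served_der(host: str, port: int = 636, timeout: float = 5.0) -> bytes:
    """Leaf certificate presented by an ldaps:// listener."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspection only: nothing is trusted here
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def compare(pem_text: str, der: bytes) -> str:
    """Classify how the served certificate relates to the configured file."""
    on_disk = file_fingerprints(pem_text)
    if not on_disk:
        return "no-certificate-in-file"
    served = fingerprint(der)
    if served == on_disk[0]:
        return "match"
    if served in on_disk[1:]:
        return "served-cert-is-not-first-in-file"
    return "mismatch"

# Constructed placeholder bytes standing in for DER certificates (not real certs).
SAMPLE_LEAF = b"constructed-leaf-der"
SAMPLE_CA = b"constructed-ca-der"
SAMPLE_FILE = (ssl.DER_cert_to_PEM_cert(SAMPLE_LEAF)
               + ssl.DER_cert_to_PEM_cert(SAMPLE_CA))

if __name__ == "__main__":
    print(compare(SAMPLE_FILE, SAMPLE_LEAF))
    print(compare(SAMPLE_FILE, b"constructed-unrelated-der"))
```

Against a live server, pass the contents of the configured certificate file and the result of `served_der(host)` to `compare`; a "mismatch" result means the listener is presenting a certificate that is not in that file.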