https://bugs.openldap.org/show_bug.cgi?id=10175
Issue ID: 10175
Summary: Secure LDAP is not working on GCC 10.3.0
Product: OpenLDAP
Version: 2.6.3
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: bluesoulprince@gmail.com
Target Milestone: ---

Hi Team,
We have recently migrated our C++ application, which is using OpenLDAP 2.6, to GCC version 10.3.0. We are observing a difference in LDAP behavior. The non-secure version of LDAP is able to return the result in GCC 10.3.0; however, when we switch to secure LDAP, it is not able to return with a result.
There was no compilation / build issue observed while building our application.
Our query is: does secure LDAP from OpenLDAP ver 2.6 have any compatibility issues over GCC 10.3.0? If there are any issues identified over this version, how can they be resolved? In which version are fixes for them available?
Thanks, Vivek
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org ---
Hello,
Your description is lacking any actionable detail. What is "secure" LDAP? What is "non-secure" LDAP?
--- Comment #2 from Vivek S bluesoulprince@gmail.com ---
Hi,
We are using LDAP using TLS in our C++ app.
The exact problem we are facing is that, after migrating our application over GCC 10.3.0, we are getting the error "TLS: could not allocate default ctx".
Same C++ application, using same OpenLDAP ver 2.6, over the previous GCC version was able to connect with LDAP server using TLS with the same set of certificates.
What could be the reason for this change in behavior when using GCC 10.3.0? If you need more information, kindly specify and it can be shared here.
Thanks, Vivek S
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org ---
(In reply to Vivek S from comment #2)
> Hi,
>
> We are using LDAP using TLS in our C++ app.
>
> The exact problem we are facing is that, after migrating our application over GCC 10.3.0, we are getting error "TLS: could not allocate default ctx".

This is an error from the OpenSSL library. This implies that there were other changes to your environment than purely updating to a new version of GCC.
--- Comment #4 from Quanah Gibson-Mount quanah@openldap.org ---
A separate question - when building your OpenLDAP, do you run the test suite?
--- Comment #5 from Vivek S bluesoulprince@gmail.com ---
Hi,
No, we do not run any test suite during the OpenLDAP build. Also, we narrowed down the problematic area in OpenLDAP's tls2.c file. Below is the impacted code snippet:

    ldap_int_tls_init_ctx() {
        ...
        lo->ldo_tls_ctx = ti->ti_ctx_new( lo ); //lo, ti not NULL here
        if ( lo->ldo_tls_ctx == NULL ) { //This condition returns true
            Debug0( LDAP_DEBUG_ANY, "TLS: could not allocate default ctx.\n" );
            rc = -1;
            goto error_exit;
        }

The conditional check fails only for application run built over GCC 10.3.0. Can you please provide any leads?
Thanks, Vivek
--- Comment #6 from Vivek S bluesoulprince@gmail.com ---
Hi,
On further analysis, we could see that the SSL function SSL_CTX_new() which is responsible for creating a new context is at fault here. We are currently looking into this.
Thanks for your support so far. If required, we will get back.
Regards, Vivek
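
An added example, not part of the bug report or of OpenLDAP, for the situation described in comments #5 and #6: it loads the libssl that the dynamic loader resolves and calls SSL_CTX_new() outside the application, reporting the library's version string and draining the OpenSSL error queue if the call returns NULL. The function name probe_ssl_ctx, the choice of TLS_method() as the method argument, and OpenSSL 1.1.0 or later are assumptions of this example.

```python
import ctypes
import ctypes.util

OPENSSL_VERSION = 0  # selector for OpenSSL_version(): the version string


def probe_ssl_ctx(libname=None):
    """Load libssl by name and try SSL_CTX_new(TLS_method()) in isolation."""
    result = {"library": libname or ctypes.util.find_library("ssl"),
              "loaded": False, "version": None, "ctx_ok": False, "error": None}
    if result["library"] is None:
        result["error"] = "no libssl found on the loader path"
        return result
    try:
        lib = ctypes.CDLL(result["library"])
    except OSError as exc:
        result["error"] = f"load failed: {exc}"
        return result
    result["loaded"] = True
    try:
        # libcrypto symbols (ERR_*, OpenSSL_version) resolve through
        # libssl's dependency chain, so one handle is enough.
        lib.OpenSSL_version.restype = ctypes.c_char_p
        lib.OpenSSL_version.argtypes = [ctypes.c_int]
        lib.TLS_method.restype = ctypes.c_void_p
        lib.SSL_CTX_new.restype = ctypes.c_void_p
        lib.SSL_CTX_new.argtypes = [ctypes.c_void_p]
        lib.SSL_CTX_free.restype = None
        lib.SSL_CTX_free.argtypes = [ctypes.c_void_p]
        lib.ERR_get_error.restype = ctypes.c_ulong
        lib.ERR_error_string_n.restype = None
        lib.ERR_error_string_n.argtypes = [ctypes.c_ulong, ctypes.c_char_p,
                                           ctypes.c_size_t]
    except AttributeError as exc:
        result["error"] = f"symbol missing (not OpenSSL >= 1.1.0?): {exc}"
        return result
    result["version"] = lib.OpenSSL_version(OPENSSL_VERSION).decode()
    ctx = lib.SSL_CTX_new(lib.TLS_method())
    if ctx:
        result["ctx_ok"] = True
        lib.SSL_CTX_free(ctx)
        return result
    # NULL context: collect every queued OpenSSL error, oldest first.
    errors = []
    while (code := lib.ERR_get_error()) != 0:
        buf = ctypes.create_string_buffer(256)
        lib.ERR_error_string_n(code, buf, len(buf))
        errors.append(buf.value.decode())
    result["error"] = "; ".join(errors) or "NULL context, empty error queue"
    return result
```

Comparing the reported version string with the OpenSSL headers the application and libldap were compiled against shows whether the build and runtime environments agree.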
--- Comment #7 from Quanah Gibson-Mount quanah@openldap.org ---
At a minimum, I would ensure you run test067 and test068 from the test suite, since they explicitly test TLS support.
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|needs_review                |
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FEEDBACK