Full_Name: Steffen Gruner Version: 2.3.43 OS: Gentoo Linux URL: Submission from: (NULL) (84.171.177.13)
If the TLS_CACERTDIR (/etc/ssl/certs/ on my box) contains broken symbolic links, the ldapsearch command stops at the first broken link and does not go on to use the other certificates.
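Please see this trace (near the end, the open() of QuoVadis_Root_Certification_Authority.pem returns ENOENT, the certificate directory is closed immediately afterwards, and ldap_bind then fails):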
... open("/lib/libz.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\24\0\0004\0\0\0\240"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=69512, ...}) = 0 mmap2(NULL, 71888, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0xb7b39000 mmap2(0xb7b4a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x10) = 0xb7b4a000 close(4) = 0 munmap(0xb7ecf000, 145583) = 0 open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 4 fstat64(4, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 poll([{fd=4, events=POLLIN}], 1, 10) = 1 ([{fd=4, revents=POLLIN}]) read(4, "H\323y\354\334WM\262\274<qu\24\37\270\250\375ZI2\177\363\325\344-K\253'\330\241\211\243"..., 32) = 32 close(4) = 0 getuid32() = 1000 time(NULL) = 1256629367 open("/etc/ssl/cert.pem", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/etc/ssl/certs/", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) = 4 fstat64(4, {st_mode=S_IFDIR|0755, st_size=12512, ...}) = 0 fcntl64(4, F_GETFD) = 0x1 (flags FD_CLOEXEC) getdents(4, /* 120 entries */, 4096) = 4064 open("/etc/ssl/certs//.", O_RDONLY|O_LARGEFILE) = 5 fstat64(5, {st_mode=S_IFDIR|0755, st_size=12512, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ef2000 read(5, 0xb7ef2000, 4096) = -1 EISDIR (Is a directory) close(5) = 0 munmap(0xb7ef2000, 4096) = 0 open("/etc/ssl/certs//..", O_RDONLY|O_LARGEFILE) = 5 fstat64(5, {st_mode=S_IFDIR|0755, st_size=152, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ef2000 read(5, 0xb7ef2000, 4096) = -1 EISDIR (Is a directory) close(5) = 0 munmap(0xb7ef2000, 4096) = 0 open("/etc/ssl/certs//d537fba6.0", O_RDONLY|O_LARGEFILE) = 5 fstat64(5, {st_mode=S_IFREG|0644, st_size=1505, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ef2000 read(5, "-----BEGIN CERTIFICATE-----\nMIIEK"..., 4096) = 1505 read(5, ""..., 4096) = 0 close(5) = 0 
munmap(0xb7ef2000, 4096) = 0 open("/etc/ssl/certs//DigiNotar_Root_CA.pem", O_RDONLY|O_LARGEFILE) = 5 fstat64(5, {st_mode=S_IFREG|0644, st_size=1980, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ef2000 read(5, "-----BEGIN CERTIFICATE-----\nMIIFi"..., 4096) = 1980 read(5, ""..., 4096) = 0 close(5) = 0 munmap(0xb7ef2000, 4096) = 0 open("/etc/ssl/certs//QuoVadis_Root_Certification_Authority.pem", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) close(4) = 0 write(2, "ldap_bind: Can't contact LDAP ser"..., 42ldap_bind: Can't contact LDAP server (-1) ) = 42 exit_group(1) = ?