Wow! Thanks for responding so fast. This could be a bug in docker-openldap then. We have repro'ed this in two different environments - Mac and Ubuntu. Do you have a recommendation for a docker image for openldap?

________________________________
From: Howard Chu <hyc@symas.com>
Sent: Wednesday, April 24, 2019 9:42 AM
To: Siddharth Jain; openldap-its@OpenLDAP.org
Subject: Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate before sending it to client
Siddharth Jain wrote:
> we have documented complete steps to repro the bug here <https://github.com/siddjain/openldap-bug> with container logs.
I see no error here.
Using your cert/key files:
ls -l /tmp/jnj
total 12
-rw-r--r-- 1 hyc hyc 1592 Apr 24 17:34 jnj-ca-chain.pem
-rw-r--r-- 1 hyc hyc  241 Apr 24 17:34 jnj-ldap-server-tls.key
-rw-r--r-- 1 hyc hyc 1111 Apr 24 17:34 jnj-ldap-server-tls.pem
###
With this slapd config
vielle:~/OD/hobj/tests> cat testrun/slapd.1.conf

include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
include ./testdata/test.schema

pidfile /home/hyc/OD/hobj/tests/testrun/slapd.1.pid
argsfile /home/hyc/OD/hobj/tests/testrun/slapd.1.args

sockbuf_max_incoming 4194303

TLSCAcertificatefile /tmp/jnj/jnj-ca-chain.pem
TLSCertificateFile /tmp/jnj/jnj-ldap-server-tls.pem
TLSCertificateKeyFile /tmp/jnj/jnj-ldap-server-tls.key

database mdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /home/hyc/OD/hobj/tests/testrun/db.1.a
index objectClass eq
index cn,sn,uid pres,eq,sub
maxsize 33554432

database monitor
###

And this slapd invocation from the OpenLDAP build tree
vielle:~/OD/hobj/tests> ../servers/slapd/slapd -f testrun/slapd.1.conf -h ldaps://:9011 -s0 -d7
I get no verification error:
openssl s_client -connect localhost:9011 -state -nbio -CAfile jnj-ca-chain.pem -showcerts
CONNECTED(00000005)
Turned on non blocking io
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL_connect:error in SSLv3/TLS write client hello
write R BLOCK
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS read server hello
SSL_connect:TLSv1.3 read encrypted extensions
depth=2 C = US, ST = WA, L = Bellevue, O = Johnson & Johnson, CN = rca-jnj
verify return:1
depth=1 C = US, ST = WA, L = Bellevue, O = Johnson & Johnson, OU = client + OU = jnj, CN = rca-jnj-admin
verify return:1
depth=0 C = US, ST = WA, L = Bellevue, O = Johnson & Johnson, OU = client + OU = jnj, CN = jnj-ldap-server
verify return:1
SSL_connect:SSLv3/TLS read server certificate
SSL_connect:TLSv1.3 read server certificate verify
SSL_connect:SSLv3/TLS read finished
SSL_connect:SSLv3/TLS write change cipher spec
SSL_connect:SSLv3/TLS write finished
read R BLOCK
---
Certificate chain
 0 s:C = US, ST = WA, L = Bellevue, O = Johnson & Johnson, OU = client + OU = jnj, CN = jnj-ldap-server
   i:C = US, ST = WA, L = Bellevue, O = Johnson & Johnson, OU = client + OU = jnj, CN = rca-jnj-admin
 1 s:C = US, ST = WA, L = Bellevue, O = Johnson & Johnson, OU = client + OU = jnj, CN = rca-jnj-admin
   i:C = US, ST = WA, L = Bellevue, O = Johnson & Johnson, CN = rca-jnj
 2 s:C = US, ST = WA, L = Bellevue, O = Johnson & Johnson, CN = rca-jnj
   i:C = US, ST = WA, L = Bellevue, O = Johnson & Johnson, CN = rca-jnj
---
Server certificate
subject=C = US, ST = WA, L = Bellevue, O = Johnson & Johnson, OU = client + OU = jnj, CN = jnj-ldap-server

issuer=C = US, ST = WA, L = Bellevue, O = Johnson & Johnson, OU = client + OU = jnj, CN = rca-jnj-admin

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2254 bytes and written 391 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
SSL_connect:SSL negotiation finished successfully
SSL_connect:SSL negotiation finished successfully
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 4E6019F281D63D69D1C800DF4D2441CC918FF4A3AFA8A0A6D6D05FFB544E91F2
    Session-ID-ctx:
    Resumption PSK: A00E7F64B5EA00718122A6F34EF0EC9167F437BDB832D9C64834D18F367E8AD2AD5F9BCF9649330D321DC19D0AB49882
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1556123794
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
SSL_connect:SSLv3/TLS read server session ticket
read R BLOCK
SSL_connect:SSL negotiation finished successfully
SSL_connect:SSL negotiation finished successfully
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: A7B81922756F8F5B986C7B38E0F29399F8127F52D042EB7D0DCEDB8D4CD577B5
    Session-ID-ctx:
    Resumption PSK: 5FDD5DF642126A4F04D05EBBECDBB92BBCBAB6A7E05051224D646693BBD0B964C039185F933442D400BBCBC92A832913
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1556123794
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
SSL_connect:SSLv3/TLS read server session ticket
read R BLOCK
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify
vielle:/home/software/openldap-bug>
###
There is no OpenLDAP bug here. Your server environment is broken.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
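An added diagnostic for the question this thread turns on (is the listener serving the certificate its config points at?); this is example code written for this page, not code from the thread or from OpenLDAP. It reads the TLS* directives from a slapd.conf, verifies the ldaps listener's chain against the configured CA file the way `s_client -CAfile` did above, and compares the SHA-256 fingerprint of the served leaf with the first certificate in TLSCertificateFile. The script name, the conf/host/port arguments and the embedded config excerpt (constructed from the slapd.conf in the thread) are assumptions.

```python
# check_slapd_tls.py (added example, not OpenLDAP code): does the ldaps listener
# serve the certificate its slapd.conf points at, and does it chain to the CA file?
# Assumed usage:  python3 check_slapd_tls.py testrun/slapd.1.conf localhost 9011
import hashlib
import re
import socket
import ssl
import sys

PEM_CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)
TLS_DIRECTIVES = ("tlscacertificatefile", "tlscertificatefile", "tlscertificatekeyfile")

# Constructed excerpt carrying the TLS directives from the slapd.conf in the thread.
# slapd.conf directive names are case-insensitive, which is why the mixed case is fine.
SAMPLE_SLAPD_CONF = """\
sockbuf_max_incoming 4194303
TLSCAcertificatefile /tmp/jnj/jnj-ca-chain.pem
TLSCertificateFile /tmp/jnj/jnj-ldap-server-tls.pem
TLSCertificateKeyFile /tmp/jnj/jnj-ldap-server-tls.key
database mdb
"""


def tls_paths_from_slapd_conf(text):
    """Return {directive (lower-cased): path} for the TLS* file directives."""
    paths = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in TLS_DIRECTIVES:
            paths[parts[0].lower()] = parts[1].strip()
    return paths


def split_pem_certs(pem_text):
    """Each PEM certificate block in a file (TLSCAcertificatefile may hold several)."""
    return PEM_CERT_RE.findall(pem_text)


def fingerprint(pem_cert):
    """SHA-256 of the DER bytes, i.e. what `openssl x509 -sha256 -fingerprint` prints
    without the colons: PEM re-wrapping does not change it, any byte change does."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_cert)).hexdigest()


def served_matches_configured(served_pem, configured_pem_text):
    """True when the served leaf is byte-for-byte the first cert in TLSCertificateFile."""
    configured = split_pem_certs(configured_pem_text)
    return bool(configured) and fingerprint(served_pem) == fingerprint(configured[0])


def fetch_served_leaf(host, port, cafile):
    """TLS-connect, verify the chain against cafile (what `s_client -CAfile` did in
    the thread) and return the leaf as PEM; a chain that does not verify raises
    ssl.SSLCertVerificationError before any certificate is returned."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # the thread's leaf CN is jnj-ldap-server, not localhost
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, int(port)), timeout=5) as sock:
        with ctx.wrap_socket(sock) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def main(conf_path, host, port):
    with open(conf_path) as f:
        paths = tls_paths_from_slapd_conf(f.read())
    with open(paths["tlscertificatefile"]) as f:
        configured = f.read()
    served = fetch_served_leaf(host, port, paths["tlscacertificatefile"])
    print("chain verified against", paths["tlscacertificatefile"])
    print("served leaf    ", fingerprint(served))
    print("configured leaf", fingerprint(split_pem_certs(configured)[0]))
    ok = served_matches_configured(served, configured)
    print("MATCH" if ok else "MISMATCH: listener is not serving the configured file")
    return ok


if __name__ == "__main__":
    sys.exit(0 if main(*sys.argv[1:4]) else 1)
```

A MISMATCH means the difference sits in whatever runs between the files on disk and the listener, which is the server-environment distinction the reply draws; run the same script against the docker-openldap container and against a build-tree slapd to compare.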