siddjain@live.com wrote:

--_000_MWHPR08MB24000D77048AFCF7465C4397B53C0MWHPR08MB2400namp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

could you send me output of running

openssl version -a

on your system? thanks

openssl version -a

OpenSSL 1.1.1 11 Sep 2018 built on: Tue Dec 4 13:15:09 2018 UTC platform: debian-amd64 options: bn(64,64) rc4(8x,int) des(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-DovhWu/openssl-1.1.1=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2 OPENSSLDIR: "/usr/lib/ssl" ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1" Seeding source: os-specific

---

From: Howard Chu hyc@symas.com Sent: Wednesday, April 24, 2019 10:04 AM To: Siddharth Jain; openldap-its@OpenLDAP.org Subject: Re: (ITS#9014) OpenLDAP modifies user provided TLS certificate bef= ore sending it to client

Siddharth Jain wrote:

...

Wow! Thanks for responding so fast. This could be a bug in docker-openlda=

p then. we have repro'ed this in two different environments - mac and ubunt= u. Do you

...

have a recommendation for docker image for openldap?

As I said before, OpenLDAP doesn't touch the certificate files, it merely t= ells the TLS library where they are. You must likely have a broken TLS library.