CONNECT_ERROR in 3rd TLS handshake on Fedora (NSS backend) #60
I was able to track this down to a problem with NSS layer in openldap. It looks like
Next session
See python-ldap#60 Signed-off-by: Christian Heimes <cheimes@redhat.com>
Fedora issue: https://bugzilla.redhat.com/show_bug.cgi?id=1519167
Some TLS tests are broken or flaky when libldap is compiled with NSS as TLS provider. It currently affects Fedora 27 and older releases. Fedora issue: https://bugzilla.redhat.com/show_bug.cgi?id=1519167 python-ldap#60 Signed-off-by: Christian Heimes <cheimes@redhat.com>
It was an issue in OpenLDAP's NSS backend, see https://bugzilla.redhat.com/show_bug.cgi?id=1520990 for more details. Matus Honek has pushed fixes:
The NSS issue has been fixed in Fedora update openldap-2.4.45-2.fc26 and openldap-2.4.45-4.fc27. Fedora users can now execute all tests. Includes documentation for build requirements and minimum versions on Fedora. See: https://bugzilla.redhat.com/show_bug.cgi?id=1520990 Closes: python-ldap#60 Closes: python-ldap#51 Signed-off-by: Christian Heimes <cheimes@redhat.com>
The new test case simply creates 10 connections and calls start_tls_s() after OPT_X_TLS_NEWCTX. See: python-ldap#60 Signed-off-by: Christian Heimes <cheimes@redhat.com>
PR #42 introduced a test for SASL EXTERNAL auth with TLS client certs. The test case works fine on Travis (Ubuntu). It's also passing on Fedora 27 when executed alone. But when executed with the rest of the test case, slapd refuses STARTTLS with CONNECT_ERROR. PR #59 disables the test temporarily.
I need to investigate why the test is failing. It might be related to the fact that Fedora uses NSS instead of OpenSSL.
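A stand-alone reproduction in the spirit of the test case described in this thread (10 fresh connections, `start_tls_s()` after `OPT_X_TLS_NEWCTX`), added here as an example and not taken from python-ldap's test suite. The names `starttls_rounds`, `first_failure` and `ldap_mod` are hypothetical, the URI and CA path are supplied by the caller, and requiring certificate verification is an assumption beyond what the commit message states.

```python
"""Repeated STARTTLS handshakes, each on a fresh connection with a new TLS context."""
import sys


def starttls_rounds(uri, cacert, rounds=10, ldap_mod=None):
    """Open `rounds` connections, STARTTLS each one, return (round, status) pairs.

    ldap_mod (hypothetical parameter) lets a caller inject a stand-in module;
    by default python-ldap is imported.
    """
    if ldap_mod is None:
        import ldap as ldap_mod  # python-ldap, linked against libldap
    results = []
    for i in range(rounds):
        conn = ldap_mod.initialize(uri)
        try:
            conn.protocol_version = ldap_mod.VERSION3
            # Per-connection TLS settings: trust only our CA, require a valid cert.
            conn.set_option(ldap_mod.OPT_X_TLS_CACERTFILE, cacert)
            conn.set_option(ldap_mod.OPT_X_TLS_REQUIRE_CERT,
                            ldap_mod.OPT_X_TLS_DEMAND)
            # NEWCTX goes last: it builds a new TLS context from the options
            # set above, so anything set after it is not picked up.
            conn.set_option(ldap_mod.OPT_X_TLS_NEWCTX, 0)
            conn.start_tls_s()
            results.append((i, "ok"))
        except ldap_mod.CONNECT_ERROR as exc:
            # The symptom reported here: an early handshake works, a later one fails.
            results.append((i, "CONNECT_ERROR: %s" % exc))
        finally:
            conn.unbind_s()
    return results


def first_failure(results):
    """Return the index of the first failed round, or None if all succeeded."""
    for i, status in results:
        if status != "ok":
            return i
    return None


if __name__ == "__main__":
    # Usage: script.py ldap://localhost:389 /path/to/ca.pem  (caller-supplied values)
    outcome = starttls_rounds(sys.argv[1], sys.argv[2])
    for i, status in outcome:
        print(i, status)
    sys.exit(0 if first_failure(outcome) is None else 1)
```

A non-zero exit with a failure index above 0 matches the pattern in the issue title, where the first handshakes succeed and a later one returns CONNECT_ERROR.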