[Pkg-openldap-devel] Bug#462588: (ITS#5341) Invalid TLSCipherSuite causes hang

Steve Langasek vorlon at debian.org
Fri Feb 1 21:22:37 UTC 2008


Hi Kyle,

On Fri, Feb 01, 2008 at 12:15:52AM -0500, Kyle Moffett wrote:
> On Jan 29, 2008 2:55 PM, Steve Langasek <vorlon at debian.org> wrote:
> > On Tue, Jan 29, 2008 at 11:31:43AM -0800, Quanah Gibson-Mount wrote:
> > > --On Tuesday, January 29, 2008 11:09 AM -0800 Steve Langasek <vorlon at debian.org> wrote:
> > > > Anyway, the documented syntax for TLSCipherSuite is "$cipher1:$cipher2",
> > > > not "$cipher1 $cipher2"; but setting such values gives me a hang on
> > > > startup (which should be investigated).

> > > Filed upstream:
> > > <http://www.OpenLDAP.org/its/index.cgi?findid=5341>

> > Sorry, the description of this ITS is inverted.  It's *valid* ciphersuite
> > values (i.e., "cipher1:cipher2") that cause the hang; invalid
> > space-separated values are merely truncated after the first cipher in the
> > list, which doesn't cause a hang, it just prevents the cipher list from
> > being useful.

> Steve, would you mind testing the patch I posted there?  It fixed the
> problem for me when I wrote it a month or two ago, hopefully it will
> fix the problem for you too.

Thanks, I can confirm this fixes the problem here.  I'm able to set multiple
ciphers in a TLSCipherSuite list, and able to connect appropriately with
ldapsearch and gnutls-cli after the change.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
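
An added example, not part of the original message and not OpenLDAP code: a small check that flags `TLSCipherSuite` values separated by whitespace, which the thread reports are truncated after the first cipher instead of being rejected. The sample configuration is constructed, the function names are hypothetical, and `shlex` is assumed to be a close enough stand-in for slapd's own argument splitting.

```python
import shlex

# Constructed sample slapd.conf fragment; cipher1/cipher2 are the thread's placeholders.
SAMPLE_CONF = """\
# TLS settings
TLSCertificateFile /etc/ldap/server.pem
TLSCipherSuite cipher1 cipher2
TLSCipherSuite "cipher1 cipher2 cipher3"
TLSCipherSuite cipher1
    cipher2
TLSCipherSuite cipher1:cipher2
"""

def logical_lines(text):
    """Yield (first line number, joined text) per directive.

    Skips blank and '#' lines; a line starting with whitespace continues
    the previous directive.
    """
    current, start = None, 0
    for number, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield start, current
        current, start = raw.rstrip(), number
    if current is not None:
        yield start, current

def check_cipher_suites(text):
    """Return (line, cipher kept, ciphers dropped) for each whitespace-separated list."""
    findings = []
    for number, line in logical_lines(text):
        try:
            args = shlex.split(line)   # approximation of slapd's argument splitting
        except ValueError:             # unbalanced quote: fall back to plain split
            args = line.split()
        if not args or args[0].lower() != "tlsciphersuite":
            continue
        tokens = " ".join(args[1:]).split()
        if len(tokens) > 1:
            findings.append((number, tokens[0], tokens[1:]))
    return findings

if __name__ == "__main__":
    for number, kept, dropped in check_cipher_suites(SAMPLE_CONF):
        print(f"line {number}: only {kept!r} takes effect; dropped {dropped}")
```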




