Ubuntu
ubuntu-docs package

slapd crashes with b/trace when starting with SSL certs

Bug #1288791 reported by Raphael Mankin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-docs (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

I have a working openldap and tried to add SSL to it. On startup it crashes with a backtrace. (file attached).

The certificate is self-signed and was generated with openssl and /usr/lib/ssl/misc/CA.pl

Here is cn=config.ldif:

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: 83598b02-2f2e-1033-9b00-657712233969
creatorsName: cn=config
olcTLSCACertificateFile: /etc/ssl/demoCA/cacert.pem
olcTLSCertificateKeyFile: /etc/ssl/newreq.pem
olcTLSCertificateFile: /etc/ssl/newcert.pem
olcTLSCipherSuite: TLSv2+RSA:!NULL

All files are readable by a non-priviledged user.

 lsb_release -rd
Description: Ubuntu 12.10
Release: 12.10

 apt-cache policy slapd
slapd:
  Installed: 2.4.31-1ubuntu2
  Candidate: 2.4.31-1ubuntu2
  Version table:
 *** 2.4.31-1ubuntu2 0
        500 http://gb.archive.ubuntu.com/ubuntu/ quantal/main amd64 Packages
        100 /var/lib/dpkg/status

apt-cache policy openssl
openssl:
  Installed: 1.0.1c-3ubuntu2.6
  Candidate: 1.0.1c-3ubuntu2.6
  Version table:
 *** 1.0.1c-3ubuntu2.6 0
        500 http://gb.archive.ubuntu.com/ubuntu/ quantal-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ quantal-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.0.1c-3ubuntu2 0
        500 http://gb.archive.ubuntu.com/ubuntu/ quantal/main amd64 Packages

Revision history for this message
Raphael Mankin (raph-p) wrote :
Revision history for this message
Peter Matulis (petermatulis) wrote :

Why was this bug filed against ubuntu-docs ?

Anyway, Debian/Ubuntu does not use OpenSSL libraries due to licencing issues. Try to generate your cryptographic material with the GnuTLS toolset instead.

Material created with either libraries should be inter-compatible but that's not the case with ciphers and hashes.

Revision history for this message
Raphael Mankin (raph-p) wrote : Re: [Bug 1288791] Re: slapd crashes with b/trace when starting with SSL certs

'ubuntu-docs' was the default value pre-populated on the web page. I
changed it to 'slapd', but your comment suggests that my change was
ineffective.

On Fri, 2014-03-07 at 06:21 +0000, Peter Matulis wrote:
> Why was this bug filed against ubuntu-docs ?
>
> Anyway, Debian/Ubuntu does not use OpenSSL libraries due to licencing
> issues. Try to generate your cryptographic material with the GnuTLS
> toolset instead.
>
> Material created with either libraries should be inter-compatible but
> that's not the case with ciphers and hashes.
>

Gunnar Hjalmarsson (gunnarhj)
Changed in ubuntu-docs (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.