Segfault when setting bad olcTLSCipherSuite
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openldap (Ubuntu) |
Triaged
|
Medium
|
Unassigned |
Bug Description
Steps to reproduce:
1. Configure olcTLSCertifica
dn: cn=config
changeType: modify
add: olcTLSCertifica
olcTLSCertifica
-
add: olcTLSCertifica
olcTLSCertifica
(At this point openldap started to support STARTTLS and began working as a sssd authentication backend.)
2. Try configuring olcTLSCipherSuite to an openssl kind, for example:
dn: cn=config
changeType: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: TLSv1+RSA:
Expected result in gnutls compiled openldap: some kind of refusal of configuration change (gnutls does not apparently support any kind of ciphersuite names like openssl).
Actual result: segfault [01-slapd-
Syslog message about crash: kernel: [ 4158.532053] slapd[2696]: segfault at 7fa824106008 ip 00007fa837ad10b5 sp 00007fa830df8110 error 4 in libc-2.
From administrators perspective openldap would be easier to configure should it be compiled against openssl instead of gnutls as ciphersuites would be simpler to specify. I'm not aware if openssl build would crash here as well. Crash is however rather bad indicator of "unsupported configuration value".
# apt-cache policy slapd
slapd:
Installed: 2.4.28-1.1ubuntu4
Candidate: 2.4.28-1.1ubuntu4
Version table:
*** 2.4.28-1.1ubuntu4 0
500 http://
100 /var/lib/
# lsb_release -rd
Description: Ubuntu 12.04 LTS
Release: 12.04
# slapd -VVV
@(#) $OpenLDAP: slapd (Apr 5 2012 16:22:20) $
Included static backends:
config
ldif
Marking Medium importance.