Comment 25 for bug 1103353

Ryan Tandy (rtandy) wrote : Re: [Bug 1103353] Re: Invalid GnuTLS cipher suite strings causes libldap to crash

On Fri, Apr 10, 2015 at 04:30:32PM -0000, Harry Coin wrote:
>Steps to reproduce:
>1) Install older version that used openssl.
>2) Set up a cipher suite of any sort.
>3) Validate ldaps operation.
>4) "upgrade" using current version built against gnutls.
>5) Notice slapd won't start, complaining of double free, upgrade fails.

The nit-picker in me feels compelled to point out that the
openssl→gnutls change invalidating existing TLSCipherSuite settings
actually was dealt with, sort of:

http://anonscm.debian.org/cgit/pkg-openldap/openldap.git/commit/?id=327fcec47c59ccb7de65747327730eabc5656969

(This would have been applied when upgrading to hardy.)

However, in 2.4.14 the cipher suite parser used for gnutls was changed,
but this time there was no such upgrade handling:

http://www.openldap.org/its/?findid=6251
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256

AFAIK the latter change, not the former, would have introduced this when
upgrading to jaunty (or for LTS users, from hardy to lucid).

FWIW, upstream explicitly documents in ldap.conf(5) that TLSCipherSuite
settings are implementation dependent, and that openssl and gnutls
ciphersuite strings are not compatible. Even after fixing the
double-free, a manual "reconfigure ciphersuites for gnutls" step is
required in the upgrade steps listed above...
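The "reconfigure ciphersuites for gnutls" step above is easy to forget because an OpenSSL-style TLSCipherSuite value looks plausible in slapd.conf until a GnuTLS-linked libldap tries to parse it. The following is an added example, not code from this bug report or from OpenLDAP: a small pre-upgrade check that pulls TLSCipherSuite (and olcTLSCipherSuite) values out of a config fragment and flags the ones that use OpenSSL cipher-list syntax rather than GnuTLS priority-string syntax. The classification is a heuristic based on the syntax each library documents (OpenSSL uses "!" to remove and keywords such as HIGH, ALL and aNULL; GnuTLS starts with a level such as NORMAL or SECURE128 and uses "+"/"-" modifiers such as -VERS-SSL3.0); the function names and the sample config fragment are mine.

```python
"""Pre-upgrade check: flag TLSCipherSuite values written for OpenSSL before
moving to an OpenLDAP build linked against GnuTLS.

Added example; not code from the bug report or from OpenLDAP. The
classification is a heuristic (see the keyword tables below) and the
config fragment at the bottom is constructed for the demonstration.
"""
import re

# OpenSSL cipher-list keywords (see ciphers(1)); a value built from these
# is not a valid GnuTLS priority string.
OPENSSL_KEYWORDS = {
    "ALL", "COMPLEMENTOFALL", "DEFAULT", "COMPLEMENTOFDEFAULT",
    "HIGH", "MEDIUM", "LOW", "EXP", "aNULL", "eNULL", "NULL",
    "kRSA", "aRSA", "RSA", "DH", "ADH", "EDH", "kEDH", "DSS",
    "ECDH", "ECDHE", "EECDH", "kECDHE", "AES", "AESGCM", "CAMELLIA",
    "3DES", "DES", "RC4", "RC2", "IDEA", "SEED", "MD5", "SHA", "SHA1",
    "SSLv2", "SSLv3", "TLSv1", "TLSv1.2",
}

# GnuTLS priority levels (see gnutls_priority_init(3)).
GNUTLS_LEVELS = {
    "NORMAL", "PERFORMANCE", "SECURE128", "SECURE192", "SECURE256",
    "SUITEB128", "SUITEB192", "PFS", "LEGACY", "NONE", "@SYSTEM",
}

# GnuTLS modifiers look like +VERS-TLS1.2, -CIPHER-ALL, +SIGN-RSA-SHA256.
GNUTLS_MODIFIER = re.compile(
    r"^[+-](VERS|CIPHER|MAC|KX|SIGN|COMP|CTYPE|GROUP|CURVE)-")

# OpenSSL cipher-suite names: ECDHE-RSA-AES128-GCM-SHA256, AES256-SHA, ...
OPENSSL_SUITE = re.compile(r"^[+-]?[A-Z0-9]+(-[A-Z0-9]+){1,}$")

# slapd.conf directive, or the cn=config attribute in an LDIF dump.
DIRECTIVE = re.compile(
    r"^\s*(?:TLSCipherSuite|olcTLSCipherSuite:)\s+(\S.*?)\s*$", re.IGNORECASE)


def classify_ciphersuite(value):
    """Return 'openssl', 'gnutls' or 'unknown' for one TLSCipherSuite value."""
    tokens = [t for t in value.split(":") if t]
    if not tokens:
        return "unknown"
    # '!' (permanent removal) and '@STRENGTH' exist only in OpenSSL syntax.
    if any(t.startswith("!") or t == "@STRENGTH" for t in tokens):
        return "openssl"
    # A GnuTLS string starts with a level keyword.
    if tokens[0].lstrip("+-") in GNUTLS_LEVELS:
        return "gnutls"
    # GnuTLS-only modifiers (e.g. -VERS-SSL3.0) or %flags (e.g. %SERVER_PRECEDENCE).
    if any(GNUTLS_MODIFIER.match(t) or t.startswith("%") for t in tokens):
        return "gnutls"
    # OpenSSL aliases such as HIGH or aNULL, possibly with a +/- prefix.
    if any(t.lstrip("+-") in OPENSSL_KEYWORDS for t in tokens):
        return "openssl"
    # Bare OpenSSL cipher-suite names (ECDHE-RSA-AES128-GCM-SHA256).
    if any(OPENSSL_SUITE.match(t) for t in tokens):
        return "openssl"
    return "unknown"


def check_config(text):
    """Return [(line_number, value, verdict), ...] for every directive found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m:
            value = m.group(1).strip('"')
            findings.append((lineno, value, classify_ciphersuite(value)))
    return findings


def needs_reconfiguration(text):
    """True when any TLSCipherSuite value is not recognisably GnuTLS syntax."""
    return any(verdict != "gnutls" for _, _, verdict in check_config(text))


# Constructed sample slapd.conf fragment: an OpenSSL-era cipher list.
SAMPLE_SLAPD_CONF = """\
# constructed sample slapd.conf fragment
TLSCertificateFile /etc/ssl/certs/slapd.pem
TLSCertificateKeyFile /etc/ssl/private/slapd.key
TLSCipherSuite HIGH:MEDIUM:!aNULL:!MD5
"""

if __name__ == "__main__":
    for lineno, value, verdict in check_config(SAMPLE_SLAPD_CONF):
        print("line %d: TLSCipherSuite %s -> %s" % (lineno, value, verdict))
    if needs_reconfiguration(SAMPLE_SLAPD_CONF):
        print("rewrite TLSCipherSuite as a GnuTLS priority string before upgrading")
```

Run it against the real slapd.conf (or an `slapcat -n0` dump of cn=config) before the libldap upgrade; a verdict of "openssl" or "unknown" means the value has to be rewritten in GnuTLS priority syntax, which is the manual step the comment above says is still required even once the double-free itself is fixed.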