[Freeipa-devel] [PATCH] 934 don't bind on TLS connect failure
Rob Crittenden
rcritten at redhat.com
Thu Jan 26 21:37:59 UTC 2012

In our installer LDAP library (also used by replication tools) we handle
the case where the remote server hasn't started yet (wait_on_bind). What
this doesn't handle is if the connection fails with SERVER_DOWN due to a
TLS failure like hostname doesn't match the remote cert.

Binding anyway causes a segfault in openldap.

I've opened a bug against openldap, it shouldn't segfault. I also added
this patch as a workaround.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-934-bind.patch
Type: text/x-diff
Size: 1212 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120126/7e609d1f/attachment.bin>
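
The failure mode described in the message, as an added example that is not the attached FreeIPA patch (the patch is not reproduced on this page): a retry loop that waits only while the server is not yet listening and stops without binding when the TLS handshake fails. It uses Python standard-library exceptions rather than python-ldap's SERVER_DOWN; `connect`, `bind`, `connect_and_bind` and `TLSConnectError` are hypothetical names, and the failing servers are constructed fakes.

```python
import ssl
import time

class TLSConnectError(Exception):
    """The TLS handshake failed; no bind was attempted."""

# Failures that mean "server not started yet" and are worth waiting on.
RETRYABLE = (ConnectionRefusedError, ConnectionResetError, TimeoutError)

def connect_and_bind(connect, bind, attempts=5, delay=1.0, sleep=time.sleep):
    """connect() returns a connection or raises OSError; bind(conn) authenticates.
    Both callables are hypothetical stand-ins for the LDAP library calls."""
    for attempt in range(1, attempts + 1):
        try:
            conn = connect()
        except OSError as exc:
            if isinstance(exc, ssl.SSLError):
                # Hostname mismatch, untrusted CA, etc.: waiting will not
                # fix it, and the connection must never reach bind().
                raise TLSConnectError(f"TLS failure, not binding: {exc}") from exc
            if not isinstance(exc, RETRYABLE) or attempt == attempts:
                raise
            sleep(delay)
            continue
        return bind(conn)

def demo():
    """Run the loop against two constructed servers and report what happened."""
    calls = {"connect": 0, "bind": 0}

    def starting_server():  # constructed: refuses twice, then accepts
        calls["connect"] += 1
        if calls["connect"] < 3:
            raise ConnectionRefusedError("constructed: port not open yet")
        return "conn"

    def bad_cert_server():  # constructed: certificate does not match hostname
        raise ssl.SSLCertVerificationError("constructed: hostname mismatch")

    def bind(conn):
        calls["bind"] += 1
        return "bound"

    no_sleep = lambda seconds: None
    started = connect_and_bind(starting_server, bind, sleep=no_sleep)
    try:
        tls = connect_and_bind(bad_cert_server, bind, sleep=no_sleep)
    except TLSConnectError:
        tls = "refused to bind"
    return started, tls, calls["bind"]
```
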