Thanks for all the debug effort!
I've gone back and double-checked the code that was causing the failure,
and at some point during the testing it had been changed so that the
return from ldap_start_tls_s wasn't being checked (as it always returned
true), and instead a check was being made against
I think it falls into the gaps between the various packaging approaches
and distributions.
From the discussions with the OpenLDAP chaps, they were pretty confident
that they couldn't replicate the issue with the package built against
OpenSSL, plus there was some talk of the issue being related to a
https://cwe.mitre.org/data/definitions/295.html
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835181
Title:
OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between
ldaps:// and ldap://
And just to add a real world example. If you use one of the dependent
packages (apache, exim, squid, samba, php, postgres etc.) and use LDAP
for your auth, then the SSL is worthless and anyone with access to the
network can intercept and recover the credentials in the
request/response.
De nada: my pleasure.
Just to make sure that the issue is clear though, it's worth spelling it
out.
The core of the issue is that in its present form (and going back
multiple distributions) the default configuration for connections using
SSL via STARTTLS (which is the norm) does not check the
I don't think they have: my ticket is still open with them too. :(
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1547927
Title:
LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and
I can check again, but the last time I looked this was still broken ...