On Fri, Sep 29, 2006 at 08:51:18AM -0600, Berg, Michael wrote:
> I have also verified TLS operation with my currently installed (and
> working) libnss-ldap version 238 by capturing loopback traffic with
> wireshark/ethereal and performing multiple back-to-back "getent passwd"
> commands which (as documented previously) exercise libnss-ldap and slapd
> and drain the entropy pool. The only non-encrypted LDAP traffic in the
> captures is when certificate information is being exchanged as part of the
> STARTTLS and I can see the strings from my CA info going back and forth.
Hm. I still don't see any reasonable explanation as to why this happens.
So far, the factors mentioned (AFAICS) have been:

- Draining of the entropy pool -- but this should have been the same in
  both versions, and should have gone back to /dev/urandom anyhow?
- Changed reconnection logic -- but it shouldn't have failed in the first
  place, should it?
- Changed default bind policy from soft to hard -- again, as it actually
  returned the _right_ result in the end for 238, it shouldn't really fail.

Perhaps we should try a binary search across upstream versions?

/* Steinar */

-- 
Homepage: http://www.sesse.net/

