If the server is processing a start tls extop, and is sending back the "Start TLS request accepted.Server willing to negotiate SSL." response, and the ber_flush() call in flush_ber() returns non-zero, the server will deadlock.
One problem is that it is very difficult to get the server to return an error at this point. The customer is using an F5 load balancer and that seems to have something to do with it.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=968503
0001-Ticket-47375-flush_ber-error-sending-back-start_tls-.patch
18ff720..01f7e5b 389-ds-base-1.2.11 -> 389-ds-base-1.2.11
commit 01f7e5b
Author: Rich Megginson rmeggins@redhat.com
Date: Wed May 29 18:44:26 2013 -0600

c886ecf..e57be70 389-ds-base-1.3.0 -> 389-ds-base-1.3.0
commit e57be70
Author: Rich Megginson rmeggins@redhat.com
Date: Wed May 29 18:44:26 2013 -0600

5fae016..188fbd9 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
commit 188fbd9
Author: Rich Megginson rmeggins@redhat.com
Date: Wed May 29 18:44:26 2013 -0600

ecaf067..944f7cd master -> master
commit 944f7cd
Author: Rich Megginson rmeggins@redhat.com
Date: Wed May 29 18:44:26 2013 -0600
Metadata Update from @rmeggins:
- Issue assigned to rmeggins
- Issue set to the milestone: 1.2.11.22
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/712
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)