#47895 If no effective ciphers are available, disable security setting.
Closed: wontfix None Opened 6 years ago by nhosoi.

If nsslapd-security is "on" and nsSSL3Ciphers is given AND none of the ciphers are available or some syntax error is detected, the server sets nsslapd-security "off" and starts.


CI test is included in dirsrvtests/tickets/ticket47838_test.py.

In:

{{{
"ERROR: %s Initial:ization Failed. Disabling %s.\n"
}}}

is that colon just a stray character that should be removed?

In:

{{{
"ERROR: Failed to disabling %s: \"%s\".\n"
}}}

language correction - it should be "Failed to disable", not "Failed to disabling".

I don't know if there's a rule about the length of error messages, but that one seems quite uninformative, as a user it's always nice to see a bit more detail about what went wrong, perhaps?

Replying to [comment:5 adamwill]:

In:

{{{
"ERROR: %s Initial:ization Failed. Disabling %s.\n"
}}}

is that colon just a stray character that should be removed?

In:

{{{
"ERROR: Failed to disabling %s: \"%s\".\n"
}}}

language correction - it should be "Failed to disable", not "Failed to disabling".

Thank you, Adam! I should have reread the strings that compiler does not tell me to fix... :p Fixing it...

I don't know if there's a rule about the length of error messages, but that one seems quite uninformative, as a user it's always nice to see a bit more detail about what went wrong, perhaps?

The possibilities of the failure in config_set_security is NULL value or invalid value. They are set to errorbuf, e.g.,
nsslapd-secure: invalid value \"%s\". Valid values are \"on\" or \"off\"."
So, I think there's no further confusion there.

git patch file (master) -- revised the typos pointed by Adam (Thank you!!)
0003-Ticket-47895-If-no-effective-ciphers-are-available-d.patch

Reviewed by Nathan (Thank you!!)

Pushed to master:
de57632..0f1a203 master -> master
commit 0f1a203

Pushed to 389-ds-base-1.3.3:
55e317f..cad5b96 389-ds-base-1.3.3 -> 389-ds-base-1.3.3
commit cad5b96

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.3.3 backlog

3 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1226

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

2 months ago

Login to comment on this ticket.

Metadata