Re: Issues enabling SSL/TLS for config DS

On 06/17/2017 10:46 PM, dave_horton2001@xxxxxxxxxxx wrote:
> Hi Mark,
>
> I can confirm removing it from adm.conf prevents it working.  Adding it back, it works again.
>
> Possibly there's another means that normally ensures the correct range is set for the config DS connection?
>
> The function returning the error that shows up in the log with the debug build is this 'ssl3_CheckRangeValidAndConstrainByPolicy' in 'nss/lib/ssl/sslsock.c'.
>
> Following the call stack, ADMSSL_Init calls initNSS which in turn calls SSL_VersionRangeSetDefault (again in 'nss/lib/ssl/sslsock.c').  This takes an initial range as input and checks and constrains it (calling ssl3_CheckRangeValidAndConstrainByPolicy which generates the error).
>
> That initial range passed to SSL_VersionRangeSetDefault comes from the following in initNSS:
>
>   range.min = admldapGetSSLMin(info);
>   range.max = admldapGetSSLMax(info);

My bad, yeah it's in the 389-adminutil package source code.  I was
previously looking in the 389-admin source.

Updating the wiki...

Thanks,
Mark
>
> Tracing back, that info was the AdmldapInfo constructed for the config connection which came from adm.conf.  So that was what led me to attempt adding the entries to adm.conf which seemed to do the trick.
>
> Hope that helps.
> David
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx