HomeAbout Us A-Z IndexSearch * Contact Us Register LoginPress Shop

The Open Brand -- Problem Reporting and Interpretations System

Problem Report 2278 Details

Help Show help | Quick Search | Submit a Test Suite Support Request | Click here to view your privileges

This page provides all information on Problem Report 2278.

Report 2278 Actions

    Problem Report Number 2278
    Submitter's Classification Test Suite problem
    State Resolved
    Resolution Rejected (REJ)
    Problem Resolution ID REJ.X.0641
    Raised 2003-08-21 04:58
    Updated 2003-08-27 14:25
    Published 2003-08-27 14:25
    Product Standard LDAP Certified
    Certification Program The Open Brand certification program
    Test Suite VSLDAP version 2.1-GA
    Test Identification Test ID: 1_4_2_28 and 1_4_2_30
    Problem Summary Request to desupport SSL 4.0 SDK and replace with 5.0 SDK
    Problem Text Error Description: The test case failed when the vsldap client sent a
    client hello,
    the server then returned with a server hello. At this
    stage the client failed to verify the server hello and closed
    the connection. We have no way to figure out what was wrong
    with the client side or the package that the ldap server sent
    back to the client.
    Please provide a debug libraries or source code that we can rebuild
    on for debugging it.
    Moreover,
    - SSL server auth only connection to our ldap server passed using
    Netscape
    browser to connect to the ldap server via the url ldaps://<ldap_server>
    Server SSL port: 636
    SSL version: 3
    LDAP server is on Solaris.
    - I also verified that our ldap server worked fine with Netscape SDK
    5.0
    on Solaris platform while vsldap uses Netscape SDK version 4.0

    ================================================================
    iPlanet LDAP SDK for C, version 5.0
    =================================================================
    Documentation for this release of the LDAP SDK for C is located
    at the following URL:
    http://docs.iplanet.com/docs/manuals/directory.html#SDKC
    The documentation set includes the "Release Notes" (in HTML
    format) and the "Netscape LDAP SDK for C Programmer's Guide."
    The Programmer's Guide is available in PDF and HTML formats.
    Please note that the LDAP SDK for C library is most of the time
    ahead of our official documentation. For example, we currently
    don't have a 5.0 branded version of the documentation, however,
    using the latest 4.1 version should be sufficient.
    ================================================
    The c client program:
    #include <stdio.h>
    #include <string.h>
    #include <ctype.h>
    #include <sys/stat.h>
    #include <unistd.h>
    #include "ldap.h"
    #include "ldap_ssl.h"
    /* Adjust these setting for your own LDAP server */
    #define HOSTNAME "hsastry-sun"
    #define PORT_NUMBER 636
    #define FIND_DN "cn=Directory Manager,o=imc,c=us"
    #ifdef NEVER
    int
    main( int argc, char **argv )
    #endif
    int main()
    {
    LDAP *ld;
    LDAPMessage *result, *e;
    BerElement *ber;
    char *a;
    char **vals;
    int i, rc;
    /* Initialize client, using mozilla's certificate database */
    printf("start ssl setup\n");
    if ( ldapssl_client_init("/home/qdinh/.netscape/", NULL ) < 0)
    {
    printf( "Failed to initialize SSL client...\n" );
    return( 1 );
    }
    /* Get a handle to an LDAP connection. */
    if ( (ld = ldapssl_init( HOSTNAME, PORT_NUMBER,1 )) == NULL ) {
    perror( "ldapssl_init" );
    return( 1 );
    }
    /* Bind anonymously to the LDAP server. */
    rc = ldap_simple_bind_s( ld, NULL, NULL );
    if ( rc != LDAP_SUCCESS ) {
    fprintf(stderr, "ldap_simple_bind_s: %s\n",
    ldap_err2string(rc));
    return( 1 );
    }
    }


    Solution: Please provide a debug libraries or source code that we can
    rebuild on for debugging it.
    Or upgrade the test suite to SSL 5.0 SDK

    Review Information

    Review Type TSMA Review
    Start Date 2003-08-21 04:58
    Last Updated 2003-08-22 02:54
    Completed 2003-08-22 02:54
    Status Complete
    Review Recommendation No Resolution Given
    Review Response We do not have enough information to determine if the test suite is at
    fault. We know from discussion with the reporter that both test suite
    and server share a common encryption cipher. The failure to complete the
    SSL handshake has not been explained. We know that other test suite
    users have been able to successfully connect using the same test suite
    software.

    Review Type SA Review
    Start Date 2003-08-22 01:54
    Last Updated 2003-08-22 03:07
    Completed 2003-08-22 03:07
    Status Complete
    Review Resolution Rejected (REJ)
    Review Conclusion The submitter does not provide enough information to determine if the
    test suite is at fault. Therefore this PR is rejected as a TSD on
    procedural grounds, pending further investigation and resolution by
    means of the support channel.

    Problem Reporting System Options:

     

    Back   

Contact the Certification Authority