Re: [nssldap] Re: Weird behaviour with TLS: pipes, forks, etc

[Andreas Hasenack <ahasenack [at] terra.com.br>]

On Tue, May 15, 2007 at 03:09:57PM -0300, Andreas Hasenack wrote:
> On Tue, May 15, 2007 at 11:16:44AM -0300, Andreas Hasenack wrote:
> > On Tue, May 15, 2007 at 10:12:38AM -0300, Andreas Hasenack wrote:
> > > I have a weird behaviour in nss_ldap-255 (didn't test much older
> > > versions) which only manifests itself when using start_tls or plain ldaps.
> > > The problem also goes away when using nscd.
> > > 
> > > Building a package with rpm just fails without explanation:
> > > (...)
> > > Wrote: /home/goetz/rpm/null/RPMS/i586/null-dummy-2-2mdv2008.0.i586.rpm
> > > Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.2403
> > > error: Bad exit status from /var/tmp/rpm-tmp.2403 (%clean)
> > 
> > Here is some further debug for when it fails:
> > Wrote: /home/goetz/rpm/null/RPMS/i586/null-dummy-2-2mdv2008.0.i586.rpm
> > Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.43717
> > nss_ldap: ==> do_atfork_prepare
> > nss_ldap: <== do_atfork_prepare
> > nss_ldap: ==> do_atfork_parent
> > nss_ldap: <== do_atfork_parent
> > nss_ldap: ==> do_atfork_child
> > nss_ldap: ==> do_close_no_unbind
> > error: Bad exit status from /var/tmp/rpm-tmp.43717 (%clean)
> > 
> > Notice it never "leaves" do_close_no_unbind.
> 
> Found a version of nss_ldap where it works: 212. Couldn't test others,
> the "old-versions" directory on ftp.padl.com/pub is blocked.
> 
> I tried 212, 220, 248, 254 and 255.
 
Ok, turns out it seems to be a bad interaction between libldap, nss_ldap
and openssl. With other versions of libldap and libssl, nss_ldap 250
worked for me.

Here are some other bug reports about this issue (thanks _ranger_):
http://bugzilla.padl.com/show_bug.cgi?id=309
http://bugs.gentoo.org/show_bug.cgi?id=162355
http://bugzilla.padl.com/show_bug.cgi?id=273