Coin, Quoting Andreas Metzler <ametz...@downhill.at.eu.org>:
do you also get the segfault when connecting the ldap server with gnutls-cli?
I was not able to test it with starttls (as in my configuration), as it seems gnutls-cli waits indefinitely for the right moment to issue a STARTTLS. Nevertheless, using ldaps:// does reproduce the problem, so i tried using: # gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p 636 db-ldap-3.duckcorp.org
Processed 159 CA certificate(s). Resolving 'db-ldap-3.duckcorp.org'... Connecting to '2001:7a8:810:6969::1:636'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info:- subject `C=DL,ST=DuckLand,L=DuckCity,O=DuckCorp,OU=DuckCorp LDAP Server,CN=db-ldap-3.duckcorp.org,EMAIL=ad...@milkypond.org', issuer `C=DL,ST=DuckLand,L=DuckCity,O=DuckCorp,CN=DuckCorp CA,EMAIL=r...@duckcorp.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2009-07-11 21:08:28 UTC', expires `2012-07-10 21:08:28 UTC', SHA-1 fingerprint `f2df9b66753df63c874321f64fd386c6417d00e9'
- Certificate[1] info:- subject `C=DL,ST=DuckLand,L=DuckCity,O=DuckCorp,CN=DuckCorp CA,EMAIL=r...@duckcorp.org', issuer `C=DL,ST=DuckLand,L=DuckCity,O=DuckCorp,CN=DuckCorp CA,EMAIL=r...@duckcorp.org', RSA key 1024 bits, signed using RSA-MD5 (broken!), activated `2004-12-02 19:08:23 UTC', expires `2014-11-30 19:08:23 UTC', SHA-1 fingerprint `948c918a78963793fb89e78f68f9f97d4df8e915'
- The hostname in the certificate matches 'db-ldap-3.duckcorp.org'. - Peer's certificate is trusted - Version: TLS1.2 - Key Exchange: RSA - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL - Handshake was completed - Simple Client Mode:
Do I understand correctly that your cpu supports the AES-NI instruction set? (grep -i aes /proc/cpuinfo)
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 x2apic popcnt *aes* xsave avx lahf_lm ida arat epb xsaveopt pln pts dts tpr_shadow vnmi flexpriority ept vpid
Regards. -- Marc Dequènes (Duck)
pgptrLCUsFbcd.pgp
Description: PGP Digital Signature
