Martijn van Duren wrote:
> On 10/24/19 2:25 PM, Claudio Jeker wrote:
> >
> > OK claudio@
> >
> I'll commit this soon-ish based on claudio's OK, but if at all
> possible I would like to ask the people affected by this to test this
> and see if this solves their problem.

I did this on the pair of LDAP servers atlas and titan to make sure I can reproduce results.

atlas# uname -a
OpenBSD atlas.int.autonlab.org 6.6 GENERIC.MP#0 amd64
atlas# syspatch -l
001_bpf
002_ber
003_bgpd
atlas# rcctl restart ldapd
ldapd(ok)
ldapd(ok)
atlas# ldapvi -ZZ
ldap_start_tls_s: Protocol error (2)

# Getting source code
atlas# cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs checkout -rOPENBSD_6_6 -P src
atlas# cvs -q up -Pd -rOPENBSD_6_6
atlas# make clean
atlas# make obj
atlas# make
atlas# make install
#atlas rcctl restart ldapd
ldapd(ok)
ldapd(ok)
atlas# ldapvi -ZZ
ldap_start_tls_s: Protocol error (2)

Upon close inspection I see that cvs is pulling the revision 1.31.2.1

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ldapd/ldape.c?r1=1.33

which is the same as the binary patch I already installed. After manually fetching revision 1.33, which I am guessing is going to current, and rebuilding the daemon, ldapvi -ZZ is now successful.

So for me personally version 1.33 of ldape.c works. This is the difference between 1.31.2.1, which can be obtained as a binary patch, and version 1.33:

atlas# diff ldape.c.v.1.31.2.1 ldape.c.v.1.33
1c1 < /* $OpenBSD: ldape.c,v 1.31.2.1 2019/10/27 20:05:13 tb Exp $ */ --- > /* $OpenBSD: ldape.c,v 1.33 2019/10/26 17:52:55 martijn Exp $ */ 301d300 < struct ber_element *ext_val = NULL; 310c309 < if (ober_scanf_elements(req->op, "{se", &oid, &ext_val) != 0) --- > if (ober_scanf_elements(req->op, "{s", &oid) != 0) 314c313 < req->op = ext_val; --- > req->op = req->op->be_sub->be_next;

Cheers,
Predrag
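
Review bot: at 314c313, `req->op = req->op->be_sub->be_next;` leaves req->op NULL whenever the extended request carries only the OID, which is exactly the request the `"{s"` scan at 310c309 now accepts (a StartTLS request has no value). Whatever consumes req->op after this assignment has to treat NULL as "no request value", so a short comment at the assignment stating that would make the contract explicit. The be_sub dereference is only safe because it follows the successful scan, so the assignment should stay directly behind that check.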