Saturday, June 17, 2017

[389-users] Re: Issues enabling SSL/TLS for config DS

Hi Mark,

I can confirm removing it from adm.conf prevents it working. Adding it back, it works again.

Possibly there's another means that normally ensures the correct range is set for the config DS connection?

The function returning the error that shows up in the log with the debug build is this 'ssl3_CheckRangeValidAndConstrainByPolicy' in 'nss/lib/ssl/sslsock.c'.

Following the call stack, ADMSSL_Init calls initNSS which in turn calls SSL_VersionRangeSetDefault (again in 'nss/lib/ssl/sslsock.c'). This takes an initial range as input and checks and constrains it (calling ssl3_CheckRangeValidAndConstrainByPolicy which generates the error).

That initial range passed to SSL_VersionRangeSetDefault comes from the following in initNSS:

range.min = admldapGetSSLMin(info);
range.max = admldapGetSSLMax(info);

Tracing back, that info was the AdmldapInfo constructed for the config connection which came from adm.conf. So that was what led me to attempt adding the entries to adm.conf which seemed to do the trick.

Hope that helps.
David
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
