[gnutls-devel] isc dhcpd compiled with GNUTLS (Debian)
Mark Pavlichuk
pav5088 at internode.on.net
Tue Feb 18 15:49:44 CET 2014
On 13/02/14 18:05, Nikos Mavrogiannopoulos wrote:
> On Wed, Feb 12, 2014 at 4:56 PM, Mark Pavlichuk
> <pav5088 at internode.on.net> wrote:
>> I am experiencing a bug (in isc-dhcp-server compiled with GNUTLS and
>> LDAP support on Debian) which prevents TLS encryption between dhcpd
>> and the LDAP server. I tried the versions in Wheezy and Jessie,
>> i.e. 4.2.2 and 4.2.4. The problem is related to parsing the dhcpd.conf
>> file:
>> Internet Systems Consortium DHCP Server 4.2.4
>> Copyright 2004-2012 Internet Systems Consortium.
>> All rights reserved.
>> For info, please visit https://www.isc.org/software/dhcp/
>> /etc/dhcp/dhcpd.conf line 113: semicolon expected.
>> ldap-tls-crlfile "/etc/ssl/crl/ssl-cert-local-ca.crl"
>> ^
> Hello Mark,
> Gnutls doesn't parse files, it is simply the back-end for SSL or
> crypto. You'd better report the issue to the appropriate software that
> has the bug.
>
> regards,
> Nikos
>
The problem seemed to be from mixing libraries (openssl w/ GnuTLS),
i.e. the isc-dhcpd-ldap server code requires openssl, and the OpenLDAP
libraries are compiled against GnuTLS. I got further by using
openssl-formatted config options, but then dhcpd crashed calling a
GnuTLS function. Detailed info is here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723773 .
I don't know enough to rewrite isc-dhcpd-ldap for GnuTLS, but I see
there's a GNU/openssl compatibility layer... should I be using this?
Is mixing libraries even a problem? The reason I'm asking here is the
code is rather unloved, and my bug report is three months old with no
upstream response.
--
Mark Pavlichuk