|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #18805 LDAP extension crashes with two TLS connections
Submitted: 2002-08-08 10:17 UTC Modified: 2002-08-15 08:56 UTC
From: spam4octan at highway dot ru Assigned:
Status: Closed Package: LDAP related
PHP Version: 4.2.2 OS: Linux Redhat
Private report: No CVE-ID: None
 [2002-08-08 10:17 UTC] spam4octan at highway dot ru
Script follows (note two `ldaps://', other things work):

$ds1 = ldap_connect('ldaps://');
ldap_bind($ds1, 'cn=Manger,o=org,c=RU', 'secret');
$ds2 = ldap_connect('ldaps://');
ldap_bind($ds2, 'cn=Manger,o=org,c=RU', 'secret');

Configure follows:
./configure \
  --without-pear \
  --disable-xml \
  --prefix=/opt/php4 \
  --with-apxs=/opt/apaches/DSO/bin/apxs \
  --with-mod_charset \
  --enable-shared \
  --disable-static \
  --with-zlib=shared \
  --with-mysql=shared,/opt/mysql \
  --with-ldap=shared,/opt/ldap \
  --with-imap=shared,/usr/local/src/imap-current \
  --with-gd=shared,/opt/gd \
  --enable-mbstring \

I use dynamic extensions loaded in php.ini.
OpenLDAP is v2.1.3 Release.
PHP is compiled as a DSO (apxs) module for Apache 1.3.26.

The tricky thing is that TLS-specific OpenLDAP options are passed through the environment like this:

LDAPTLS_CACERT=/etc/ca.crt \
LDAPTLS_CERT=/etc/client.crt \
LDAPTLS_KEY=/etc/client.key \
LDAPTLS_REQCERT=hard  /opt/apaches/DSO/bin/httpd 

That script gives me 100%-reproducible core dump.

May be it's better to pass such options by means of php.ini variables (openldap2) ?

ldap.tls_cacert =
ldap.tls_cert =
ldap.tls_key =
ldap.tls_reqcert =

Thank You.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-08-14 17:36 UTC]
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

 [2002-08-15 08:56 UTC] spam4octan at highway dot ru
I guess it's OpenLDAP 2.1-release library bug.
When I've fallen back to OpenLDAP 2.0.25-stable, it goes Ok.

I set the 'Closed' status to indicate that there seems nothing to be done by PHP team at this time.
Just be advised on this issue.

If I find out more, I'll notify You.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Apr 14 15:01:29 2024 UTC