Skip to Content.
Sympa Menu

en - Re: [sympa-users] Strange things on LDAP quaries...

Subject: The mailing list for listmasters using Sympa

List archive

Chronological Thread  
  • From: Steve Shipway <address@concealed>
  • To: Marco Gaiarin <address@concealed>, "address@concealed" <address@concealed>
  • Subject: Re: [sympa-users] Strange things on LDAP quaries...
  • Date: Fri, 26 Aug 2016 09:41:32 +1200

So, the problem is that the new LDAP does not support the same (less secure) list of protocols as the old one.
 [Thu Aug 25 09:26:44 2016] [warn] [client 10.5.1.14] mod_fcgid: stderr: invalid 
SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 332, referer: 
http://liste.localdomain/wws/edit_list_request/lnf-sv-corsi-annunci/data_source
Sympa should have caught this more gracefully, but the problem is with your
ssl_version tls
The correct setting would be
ssl_version tlsv1
This should fix things.

Steve

On 26/08/16 08:07, Marco Gaiarin wrote:

You can set ca_verify=none which may help (if the cert is not signed by
a recognised CA).  You may also want to check your ssl_version and
ssl_ciphers=ALL settings in case your new LDAP server does not support
the same or as many ciphers as the previous one -- possibly the new LDAP
server is stricter in its requirements for connection.
Ok, some light in the dark. Effectively the updated LDAP server use newer
GNUTLS library and only TLS, no SSLv3 (or lower).

In the list web interface i've set 'ssl_version tls' (was sslv3) but then
sympa web interface bombs out with error:

 [Thu Aug 25 09:26:18 2016] [warn] [client 10.5.1.14] mod_fcgid: stderr: Use of uninitialized value $_[0] in sprintf at /usr/lib/perl/5.14/Sys/Syslog.pm line 368., referer: http://liste.localdomain/wws/edit_list_request/lnf-sv-corsi-annunci/data_source
 [Thu Aug 25 09:26:30 2016] [warn] [client 10.5.1.14] mod_fcgid: stderr: Use of uninitialized value $_[0] in sprintf at /usr/lib/perl/5.14/Sys/Syslog.pm line 368., referer: http://liste.localdomain/wws/admin/lnf-sv-corsi-annunci
 [Thu Aug 25 09:26:44 2016] [warn] [client 10.5.1.14] mod_fcgid: stderr: Use of uninitialized value $_[0] in sprintf at /usr/lib/perl/5.14/Sys/Syslog.pm line 368., referer: http://liste.localdomain/wws/edit_list_request/lnf-sv-corsi-annunci/data_source
 [Thu Aug 25 09:26:44 2016] [warn] [client 10.5.1.14] mod_fcgid: stderr: invalid SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 332, referer: http://liste.localdomain/wws/edit_list_request/lnf-sv-corsi-annunci/data_source
 [Thu Aug 25 09:26:44 2016] [warn] [client 10.5.1.14] mod_fcgid: stderr: invalid SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 332, referer: http://liste.localdomain/wws/edit_list_request/lnf-sv-corsi-annunci/data_source
 [Thu Aug 25 09:26:44 2016] [error] [client 10.5.1.14] Premature end of script headers: wwsympa-wrapper.fcgi, referer: http://liste.localdomain/wws/edit_list_request/lnf-sv-corsi-annunci/data_source

I've also tried to lower the limit on the ldap server, eg make it accept
SSLv3, but i was not able...


Thanks.


--

Steve Shipway | Senior Email Systems Administrator
Phone: +64 9 302 0515 Fax: +64 9 302 0518
Freephone: 0800 SMX SMX (769 769)
SMX Limited: Level 15, 19 Victoria Street West, Auckland, New Zealand
Web: http://smxemail.com

This email has been filtered by SMX. For more information visit smxemail.com.
begin:vcard
fn:Steve Shipway
n:Shipway;Steve
org:SMX Ltd
adr:;;Level 15, 19 Victoria Street West;Auckland;;1001;New Zealand
email;internet:address@concealed
title:Snr Email Systems Administrator
tel;work: +64 9 302 0515
tel;fax:+64 9 302 0518 
tel;cell:+64 21 753 189
url:http://smxemail.com/
version:2.1
end:vcard




Archive powered by MHonArc 2.6.19+.

Top of Page