Open Firstyear opened 2 hours ago
Issue Description
A customer noticed repeated bursts of warnings from check_private_certdir() during operation of a 389-ds container. This occurs because in the container, tmp is not a system private mount, causing the check to return NULL.
While this itself isn't a problem since there is a valid fallback to certdir as the extraction path, the excessive log noise indicates that we are calling https://github.com/389ds/389-ds-base/blob/main/ldap/servers/slapd/ssl.c#L2201 in a loop, when certdir should be defined once at the time of extraction.
Realistically we should be setting the cert/key paths during extraction https://github.com/389ds/389-ds-base/blob/main/ldap/servers/slapd/ssl.c#L2505 rather than calculating it each time we perform the loop of ssl client auth.
Package Version and Platform:
https://bugzilla.suse.com/show_bug.cgi?id=1230852
@tbordaz I think you were the last person to touch this code from memory, what do you think?
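The pattern the report asks for, as an added example that is not 389-ds-base code and not part of the original issue: resolve the extraction directory once at extraction time and have the client-auth path read the stored value, so the fallback warning is logged once instead of on every pass. Every function name and the certdir path are hypothetical stand-ins constructed for the illustration.

```c
#include <stdio.h>

/* All names below are hypothetical stand-ins, not 389-ds-base code. */
static const char *CERTDIR = "/etc/dirsrv/slapd-example"; /* constructed path */
static int warnings_logged;     /* number of warnings emitted so far */
static char extract_dir[256];   /* resolved once, at extraction time */

/* Stand-in for the private-tmp check: models the container case from the
 * report, where no private mount exists, so it warns and returns NULL. */
static const char *private_dir_check_stub(void)
{
    warnings_logged++;
    fprintf(stderr, "WARN: no private tmp, falling back to certdir\n");
    return NULL;
}

/* Before: every client-auth pass re-runs the check and re-logs. */
const char *key_dir_recomputed(void)
{
    const char *priv = private_dir_check_stub();
    return priv ? priv : CERTDIR;
}

/* After: extraction resolves the directory once and stores it. */
void extract_once(void)
{
    const char *priv = private_dir_check_stub();
    snprintf(extract_dir, sizeof(extract_dir), "%s", priv ? priv : CERTDIR);
}

/* After: the client-auth path only reads the stored value. */
const char *key_dir_stored(void) { return extract_dir; }

/* Returns the warnings produced by `passes` client-auth passes. */
int warnings_for(int passes, int use_stored)
{
    warnings_logged = 0;
    if (use_stored)
        extract_once();
    for (int i = 0; i < passes; i++)
        (void)(use_stored ? key_dir_stored() : key_dir_recomputed());
    return warnings_logged;
}

int main(void)
{
    printf("recomputed=%d stored=%d\n", warnings_for(100, 0), warnings_for(100, 1));
    return 0;
}
```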