Cyrus IMAP4 v2.1.18 no login via SSL

Lars Hanke lars at
Tue May 24 18:20:19 EDT 2005

Hi folks,

the matter appears to cross-post through every module on my machine :(

Intro for the LDAP specialists:
I have Cyrus-Imap SASL authenticate with ldapdb auxprop. ldapdb uses 
ldaps:// for the LDAP server. All works well if I try with telnet mail 
imap, or even with openssl s_client -connect mail:imaps, if I supply the 
*wrong* password. If the password however is correct, Imapd hangs in 
sasl_checkpass() eating CPU to never return. The arguments passed to 
SASL are identical to the telnet case. The number of calls to the SASL 
auxprop->lookup() method are identical and all return.
Involved: Cyrus IMAP4 v2.1.18, Cyrus SASL 2.1.19, openldap 2.1.30 (LDAP 
server is newer: stable-20050125, another machine)

> Is attaching with a debugger and getting a backtrace possible?

Thanks Derrick, this was a great idea, would not have expected it so easy.

I attached the backlog below. I have trouble tracing all of it in the 
code right away, would need another two or three nights maybe. But maybe 
someone has intimate knowledge of how the system is supposed to work.

My candidate currently is #14: ldap_pvt_tls_init_def_ctx (), which 
appears to run in a mutex brace (ldap_pvt_thread_mutex_lock( 
&tls_def_ctx_mutex )) for almost the whole time and to perform a lot of 
complicated stuff. Well too complicated for tonight. Still I have no 
idea, how the SSL connection mail-client <-> imapd could hold a TLS 
mutex, when imapd <-> slapd shall be established. However, the log entry 
in /var/log/mail.log:

May 24 22:43:04 verdani cyrus/imapd[8733]: starttls: TLSv1 with cipher 
AES256-SHA (256/256 bits new) no authentication

would not exclude that there is some authentication tried on the 
mail-client <-> imapd, which could nest with imapd <-> slapd, but that's 
more speculation than the stock forecast. ;)

Is anybody aware of the big picture?

#0  0x416cc436 in __lll_mutex_lock_wait () from /lib/tls/
#1  0x416c9893 in _L_mutex_lock_26 () from /lib/tls/
#2  0x402b1844 in mallopt () from /lib/tls/
#3  0x403231af in pthread_mutex_lock () from /lib/tls/
#4  0x404bdca1 in ldap_start_tls_s () from /usr/lib/
#5  0x40580d03 in gcry_sexp_canon_len () from /usr/lib/
#6  0x40580e41 in gcry_sexp_canon_len () from /usr/lib/
#7  0x4058db5e in gcry_randomize () from /usr/lib/
#8  0x405896c5 in gcry_md_algo_name () from /usr/lib/
#9  0x405897c2 in gcry_md_open () from /usr/lib/
#10 0x4051ffbc in _gnutls_hash_init () from /usr/lib/
#11 0x405197b1 in gnutls_handshake () from /usr/lib/
#12 0x416bacb5 in gnutls_SSL_free () from /usr/lib/
#13 0x416badda in gnutls_SSL_connect () from /usr/lib/
#14 0x416b868e in ldap_pvt_tls_init_def_ctx () from /usr/lib/
#15 0x416b9696 in ldap_int_tls_start () from /usr/lib/
#16 0x416994a7 in ldap_int_open_connection () from /usr/lib/
#17 0x416ab299 in ldap_new_connection () from /usr/lib/
#18 0x41698f11 in ldap_open_defconn () from /usr/lib/
#19 0x416aae0f in ldap_send_initial_request () from /usr/lib/
#20 0x416a1137 in ldap_sasl_bind () from /usr/lib/
#21 0x416a1b50 in ldap_simple_bind () from /usr/lib/

More information about the Info-cyrus mailing list