LDAP over SSL does not work with Ubuntu Prolonged Pain

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu May 10 20:27:30 CEST 2012

On 05/10/2012 01:59 PM, Thorsten Glaser wrote:

> Hi,

> we’ve got a range of systems in existence, from Debian etch
> (formerly sarge) to sid, and Kubuntu hardy (formerly dapper)
> to precise.
> Now, their latest release, prolonged pain precisely, fails to
> connect to our LDAP server (Univention Corporate Server 2.4),
> whereas it works with OpenSSL. I’ve had similar issues in hardy
> where a “security” update broke things due to GnuTLS, but this
> is new, and somehow gnutls-cli lacks the usual debugging output.

 What do you mean by the usual debugging output?

> root at foo-test:~ # gnutls-cli -V -d 4711 -p 636 --x509cafile
/etc/ssl/certs/ca-c* dc.lan.tarent.de

The option `x509cafile' accepts a single file. If you use the * to
import more than one files it shouldn't work.

> Any ideas welcome. The certificates (CA and LDAP server) are
> autogenerated by some Univention scripts, in case someone needs
> to know.

So if I understand your issue is that gnutls 3.0.11 doesn't work
for you in  ubuntu but gnutls 3.0.19 works for you in a debian
system? I don't know what to suggest. Do these releases work for
you if you install them from our released tarballs?


More information about the Gnutls-help mailing list