LDAP over SSL does not work with Ubuntu Prolonged Pain

Бранко Мајић branko at majic.rs
Mon May 14 13:21:31 CEST 2012

If I were you, I'd try to download the source of the Ubuntu package and
check the patches, possibly rebuilding the relevant packages by hand
without those patches. You may find this guide helpful:


Iirc, all you need is to remove the patch files from patches directory
of some sorts.

What happens if you tell gnutls-cli to ignore check of certificates?
Does it fail in the same way (i.e. just curious if the actual
establishing of connections works ok)?

I know that, for example, between upgrade Lenny from Squeeze the slapd
server would no longer be able to read a PKCS#8 PEM-encoded private key
(a bit unrelated, but a small note).

Best regards

Дана Mon, 14 May 2012 10:20:57 +0200 (CEST)
Thorsten Glaser <t.glaser at tarent.de> написа:

> On Sat, 12 May 2012, Nikos Mavrogiannopoulos wrote:
> > You can use --print-certs to get the certificates.
> This doesn’t work either:
> # gnutls-cli --print-cert -p 636 --x509cafile /etc/ssl/certs/ca-c*
> dc.lan.tarent.de Processed 407 CA certificate(s).
> Resolving 'dc.lan.tarent.de'...
> Connecting to ''...
> *** Verifying server certificate failed...
> *** Fatal error: Error in the certificate.
> *** Handshake has failed
> GnuTLS error: Error in the certificate.
> I think it may misparse the certificates or something.
> Do you think I’d better raise this with Ubuntu? I had
> looked here first because it seems way more active and
> responsive…
> bye,
> //mirabilos

Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

Бранко Мајић
Џабер: branko at majic.rs
Молим вас да додатке шаљете искључиво у слободним форматима.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/attachments/20120514/fcd8d476/attachment.pgp>

More information about the Gnutls-help mailing list