LDAP over SSL does not work with Ubuntu Prolonged Pain
Thorsten Glaser
t.glaser at tarent.de
Mon May 14 14:31:03 CEST 2012
On Mon, 14 May 2012, Бранко Мајић wrote:
> If I were you, I'd try to download the source of the Ubuntu package and
> check the patches, possibly rebuilding the relevant packages by hand
Yeah, I was trying to avoid having to dig in the sources myself,
as I’ve got quite a lot on my hands already. It’s even for a
coworker, as I disagree with them using *buntu anyway.
> without those patches. You may find this guide helpful:
>
> http://www.cyberciti.biz/faq/rebuilding-ubuntu-debian-linux-binary-package/
Maybe, if I were not a Debian Developer already ;-)
> What happens if you tell gnutls-cli to ignore check of certificates?
> Does it fail in the same way (i.e. just curious if the actual
> establishing of connections works ok)?
Ah, _there_’s the output I was looking for. Yes, it works,
but it does too when I disable CA checking in OpenLDAP.
Which is not quite the point though.
# gnutls-cli --insecure -p 636 dc.lan.tarent.de
Resolving 'dc.lan.tarent.de'...
Connecting to '172.26.100.1:636'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject =DE,ST=NRW,L=Bonn,O=tarent GmbH,OU=IT,CN=dc.lan.tarent.de,EMAIL=admins at tarent.de', issuer =DE,ST=NRW,L=Bonn,O=tarent GmbH,OU=IT,CN=Univention Corporate Server Root CA,EMAIL=admins at tarent.de', RSA key 1024 bits, signed using RSA-SHA1, activated É1-02-07 10:24:29 UTC', expires É6-02-06 10:24:29 UTC', SHA-1 fingerprint 11f5038e915c4cdf36743bc39b62ff60be8fdbf'
- Certificate[1] info:
- subject =DE,ST=NRW,L=Bonn,O=tarent GmbH,OU=IT,CN=Univention Corporate Server Root CA,EMAIL=admins at tarent.de', issuer =DE,ST=NRW,L=Bonn,O=tarent GmbH,OU=IT,CN=Univention Corporate Server Root CA,EMAIL=admins at tarent.de', RSA key 2048 bits, signed using RSA-SHA1, activated É1-02-07 10:24:29 UTC', expires É3-02-06 10:24:29 UTC', SHA-1 fingerprint a9e3f7bcea0df189a7f599599bc253517a57fc'
- The hostname in the certificate matches 'dc.lan.tarent.de'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed
- Simple Client Mode:
^C
Хвала
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Elmar Geese
More information about the Gnutls-help
mailing list