LDAP over SSL does not work with Ubuntu Prolonged Pain

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed May 23 13:21:29 CEST 2012


On Wed, May 23, 2012 at 12:39 PM, Thorsten Glaser <t.glaser at tarent.de> wrote:

>> Did you try specifying in the gnutls-cli command line the CA
>> certificate that you sent in the previous mail?
> I had not. Oh, this is too good. In this case, sorry for the
> noise, and I’ll have to investigate what happened here.
> […]
> Ah. Got it. And it’s too a bug in GnuTLS. Please try with
> the attached file. (For what it’s worth, the file I attached
> to this mail is an excerpt of the ca-bundle.crt file, and in
> OpenSSL -CApath “syntax”, they are named a4e96d2f.0 and
> a4e96d2f.1, respectively – so they have the same short hash.

GnuTLS doesn't use this hash. It just loads all certificates from the
provided file (in that case your ca-bundle.crt). Could it be that the
generation of the ca-bundle.crt isn't correct?

regards,
Nikos



