LDAP over SSL does not work with Ubuntu Prolonged Pain
Thorsten Glaser
t.glaser at tarent.de
Thu May 24 11:17:31 CEST 2012
Note: this is now https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1003841
On Wed, 23 May 2012, Nikos Mavrogiannopoulos wrote:
> Thank you. Indeed this is an issue. Would the attached patch solve that?
Thanks, yes it does (applied to oneiric first, to test):
root@oneiric:~ # gnutls-cli -V --x509cafile /etc/ssl/certs/ca-certificates.crt -p 636 dc.lan.tarent.de
Processed 407 CA certificate(s).
Resolving 'dc.lan.tarent.de'...
Connecting to '172.26.100.1:636'...
*** Verifying server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.
1|root@oneiric:~ # dpkg -i libgnutls26_2.10.5-1ubuntu3.2_amd64.deb gnutls-bin_2.10.5-1ubuntu3.2_amd64.deb
(Reading database ... 19058 files and directories currently installed.)
Preparing to replace libgnutls26 2.10.5-1ubuntu3 (using libgnutls26_2.10.5-1ubuntu3.2_amd64.deb) ...
Unpacking replacement libgnutls26 ...
Preparing to replace gnutls-bin 2.10.5-1ubuntu3 (using gnutls-bin_2.10.5-1ubuntu3.2_amd64.deb) ...
Unpacking replacement gnutls-bin ...
Setting up libgnutls26 (2.10.5-1ubuntu3.2) ...
Setting up gnutls-bin (2.10.5-1ubuntu3.2) ...
Processing triggers for man-db ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
root@oneiric:~ # gnutls-cli -V --x509cafile /etc/ssl/certs/ca-certificates.crt -p 636 dc.lan.tarent.de
Processed 407 CA certificate(s).
Resolving 'dc.lan.tarent.de'...
Connecting to '172.26.100.1:636'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 01
Issuer: C=DE,ST=NRW,L=Bonn,O=tarent GmbH,OU=IT,CN=Univention Corporate Server Root CA,EMAIL=admins at tarent.de
Validity:
Not Before: Mon Feb 07 10:24:29 UTC 2011
Not After: Sat Feb 06 10:24:29 UTC 2016
Subject: C=DE,ST=NRW,L=Bonn,O=tarent GmbH,OU=IT,CN=dc.lan.tarent.de,EMAIL=admins at tarent.de
Subject Public Key Algorithm: RSA
Modulus (bits 1024):
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (not critical):
Certificate Authority (CA): FALSE
Subject Key Identifier (not critical):
85f8172fa622f26215c5da9092a64ba77e007fa6
Authority Key Identifier (not critical):
619b65ad7b77255a9ba408325077492ad6dd1d76
Signature Algorithm: RSA-SHA1
Signature:
Other Information:
MD5 fingerprint:
4b8a61b6a2db43ba96516ab90e50f23b
SHA-1 fingerprint:
c11f5038e915c4cdf36743bc39b62ff60be8fdbf
Public Key Id:
85f8172fa622f26215c5da9092a64ba77e007fa6
- Certificate[1] info:
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 009d7b9eab1ec7a249
Issuer: C=DE,ST=NRW,L=Bonn,O=tarent GmbH,OU=IT,CN=Univention Corporate Server Root CA,EMAIL=admins at tarent.de
Validity:
Not Before: Mon Feb 07 10:24:29 UTC 2011
Not After: Wed Feb 06 10:24:29 UTC 2013
Subject: C=DE,ST=NRW,L=Bonn,O=tarent GmbH,OU=IT,CN=Univention Corporate Server Root CA,EMAIL=admins at tarent.de
Subject Public Key Algorithm: RSA
Modulus (bits 2048):
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): TRUE
Subject Key Identifier (not critical):
619b65ad7b77255a9ba408325077492ad6dd1d76
Authority Key Identifier (not critical):
619b65ad7b77255a9ba408325077492ad6dd1d76
Key Usage (not critical):
Certificate signing.
CRL signing.
Unknown extension 2.16.840.1.113730.1.1 (not critical):
ASCII: ....
Hexdump: 03020007
Subject Alternative Name (not critical):
RFC822name: admins at tarent.de
Issuer Alternative Name (not critical):
RFC822name: admins at tarent.de
Unknown extension 2.16.840.1.113730.1.13 (not critical):
ASCII: .)This certificate is a Root CA Certificate
Hexdump: 162954686973206365727469666963617465206973206120526f6f74204341204365727469666963617465
Signature Algorithm: RSA-SHA1
Signature:
Other Information:
MD5 fingerprint:
bbece4964408c9d6c8ce8079f4c4363c
SHA-1 fingerprint:
6da9e3f7bcea0df189a7f599599bc253517a57fc
Public Key Id:
619b65ad7b77255a9ba408325077492ad6dd1d76
- The hostname in the certificate matches 'dc.lan.tarent.de'.
- Peer's certificate is trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Session ID: 42:94:C9:9A:AD:39:EB:4C:AF:32:B9:22:BB:DC:EA:5E:A3:F9:DC:F3:C0:70:74:4E:32:D8:69:E6:C0:73:04:F7
- Handshake was completed
- Simple Client Mode:
bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Elmar Geese