LDAP over SSL does not work with Ubuntu Prolonged Pain

Thorsten Glaser t.glaser at tarent.de
Thu May 31 14:24:35 CEST 2012

On Wed, 23 May 2012, Nikos Mavrogiannopoulos wrote:

> Thank you. Indeed this is an issue. Would the attach patch solve that?

In the meanwhile, I tested this patch on Debian squeeze (exemplarily;
lenny is also affected), *buntu hardy, lucid, oneiric and precise,
and it works (turns out the older versions are also affected). I only
had thought it to be a regression since we used to have
	TLS_CACERT	/etc/ssl/certs/dc.lan.tarent.de.cer
in our /etc/ldap/ldap.conf, and my coworker’s new setup places the
whole ca-certificates.crt file there, instead of just the certificate
of the CA who signed the LDAP servers’ certs.

Debian wheezy/sid ships two packages (gnutls26 and gnutls28); gnutls-cli
is linked against the latter there and does not exhibit the problem, but
the former might still need this patch. (But if it ends up in a GnuTLS
release, Andreas will probably add it anyway.)

There’s a comment typo (isser instead of issuer) and a few occurences of
trailing whitespace in the patch. </nitpick-mode>


Applying one of the debdiffs against the lenny and squeeze (and
probably sid) packages is trivial.

tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Elmar Geese

More information about the Gnutls-help mailing list