LDAP over SSL does not work with Ubuntu Prolonged Pain
Thorsten Glaser
t.glaser at tarent.de
Thu May 31 14:24:35 CEST 2012
On Wed, 23 May 2012, Nikos Mavrogiannopoulos wrote:
> Thank you. Indeed this is an issue. Would the attached patch solve that?
In the meanwhile, I tested this patch on Debian squeeze (exemplarily;
lenny is also affected), *buntu hardy, lucid, oneiric and precise,
and it works (turns out the older versions are also affected). I only
had thought it to be a regression since we used to have
    TLS_CACERT /etc/ssl/certs/dc.lan.tarent.de.cer
in our /etc/ldap/ldap.conf, and my coworker’s new setup places the
whole ca-certificates.crt file there, instead of just the certificate
of the CA who signed the LDAP servers’ certs.
Debian wheezy/sid ships two packages (gnutls26 and gnutls28); gnutls-cli
is linked against the latter there and does not exhibit the problem, but
the former might still need this patch. (But if it ends up in a GnuTLS
release, Andreas will probably add it anyway.)
There’s a comment typo (isser instead of issuer) and a few occurrences of
trailing whitespace in the patch. </nitpick-mode>
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1003841
Applying one of the debdiffs against the lenny and squeeze (and
probably sid) packages is trivial.
bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Elmar Geese