Bug#514578: libgnutls26: LDAP STARTTLS is broken

Simon Josefsson simon at josefsson.org
Mon Feb 9 12:40:59 UTC 2009


Gábor Gombás <gombasg at sztaki.hu> writes:

> Package: libgnutls26
> Version: 2.4.2-5
> Severity: important
>
>
> Hi,
>
> After upgrading to libgnutls26 2.4.2-5, LDAP authentication fails (including
> ldap-utils, libnss-ldap and apache's mod_authnz_ldap). The error message from
> ldapsearch ends with:
>
> 	TLS: peer cert untrusted or revoked (0x102)
> 	ldap_err2string
> 	ldap_start_tls: Connect error (-11)
>
> 2.4.2-6 in sid is also affected. Re-installing 2.4.2-4 fixes the problem.

Please provide output from:

gnutls-cli -p 663 your.ldap.server -d 4711 --print-cert

Replacing your.ldap.server as appropriate.

I suspect your chain contains a certificate signed with RSA-MD5; if so,
you need to trust an intermediary certificate directly to work around
the problem.  You'll need 2.4.2-6 for this to work.

/Simon
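One way to check the chain that --print-cert emits for the RSA-MD5 signature suspected above, added here as an example that is not code from the bug report or from GnuTLS: it reads the outer signatureAlgorithm OID of every certificate in a PEM bundle using only the Python standard library. The two certificate-shaped sample blobs built at the bottom are constructed test data (placeholder tbsCertificate and signature), not a real server's chain.

```python
# Added example (not from the bug report or GnuTLS); standard library only.
import base64
import re

SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",  # PKCS #1 signature OIDs
            "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
            "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}

def _tlv(buf, pos):
    """Decode one DER tag-length-value at pos -> (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode OBJECT IDENTIFIER contents into dotted-decimal form."""
    arcs, cur = list(divmod(value[0], 40)), 0
    for b in value[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: last byte of this arc
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Dotted OID of Certificate.signatureAlgorithm, the field that carries RSA-MD5."""
    _, cert, _ = _tlv(der, 0)       # Certificate ::= SEQUENCE { tbs, algId, signature }
    _, _, pos = _tlv(cert, 0)       # skip tbsCertificate
    _, alg_id, _ = _tlv(cert, pos)  # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    tag, oid, _ = _tlv(alg_id, 0)
    assert tag == 0x06, "signatureAlgorithm must start with an OBJECT IDENTIFIER"
    return decode_oid(oid)

def chain_algorithms(pem_bundle):
    """[(index, algorithm name or raw OID), ...], one entry per certificate in order."""
    pem_re = r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----"
    out = []
    for i, b64 in enumerate(re.findall(pem_re, pem_bundle, re.S)):
        oid = signature_algorithm(base64.b64decode("".join(b64.split())))
        out.append((i, SIG_OIDS.get(oid, oid)))
    return out

# Constructed sample: minimal certificate-shaped DER (placeholder tbs/signature), not a real chain.
def sample_cert_pem(sig_oid_hex):
    der = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths suffice here
    alg_id = der(0x30, der(0x06, bytes.fromhex(sig_oid_hex)) + b"\x05\x00")  # OID + NULL params
    cert = der(0x30, der(0x30, b"tbs placeholder") + alg_id + der(0x03, b"\x00sig"))
    return "-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n" % base64.encodebytes(cert).decode()
SAMPLE_CHAIN = sample_cert_pem("2a864886f70d010104") + sample_cert_pem("2a864886f70d01010b")
```

Feed it the PEM blocks from the gnutls-cli output; the index of any md5WithRSAEncryption entry tells you which link the chain breaks at, and its issuer is the intermediary to trust directly.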
