Re: LDAP over SSL does not work with Ubuntu Prolonged Pain

[Thorsten Glaser]

On Wed, 23 May 2012, Nikos Mavrogiannopoulos wrote:

> Thank you. Indeed this is an issue. Would the attach patch solve that?

In the meanwhile, I tested this patch on Debian squeeze (exemplarily;
lenny is also affected), *buntu hardy, lucid, oneiric and precise,
and it works (turns out the older versions are also affected). I only
had thought it to be a regression since we used to have
        TLS_CACERT      /etc/ssl/certs/dc.lan.tarent.de.cer
in our /etc/ldap/ldap.conf, and my coworker’s new setup places the
whole ca-certificates.crt file there, instead of just the certificate
of the CA who signed the LDAP servers’ certs.

Debian wheezy/sid ships two packages (gnutls26 and gnutls28); gnutls-cli
is linked against the latter there and does not exhibit the problem, but
the former might still need this patch. (But if it ends up in a GnuTLS
release, Andreas will probably add it anyway.)

There’s a comment typo (isser instead of issuer) and a few occurences of
trailing whitespace in the patch. </nitpick-mode>

https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1003841

Applying one of the debdiffs against the lenny and squeeze (and
probably sid) packages is trivial.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Elmar Geese