Package: ldap-utils
Version: 2.4.23-7.2
Severity: grave
Justification: renders package unusable

I tried to use the OpenLDAP as a client with a server that uses SSL/TLS encryption. The connection never worked, it terminated with the error message

TLS: peer cert untrusted or revoked (0x102)
TLS: can't connect: (unknown error code).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

The certificate of the server has probably been generated using openssl, so I recompiled the entire OpenLDAP package with the configure option --with-tls=openssl (instead of gnutls). This made it work immediately.

It is known that gnutls is badly written anyway

http://www.openldap.org/lists/openldap-devel/200802/msg00072.html

so, please switch to openssl instead of gnutls.

-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ldap-utils depends on:
ii  libc6             2.11.2-10       Embedded GNU C Library: Shared lib
ii  libgnutls26       2.8.6-1         the GNU TLS library - runtime libr
ii  libldap-2.4-2     2.4.23-7.2      OpenLDAP libraries
ii  libsasl2-2        2.1.23.dfsg1-7  Cyrus SASL - authentication abstra

Versions of packages ldap-utils recommends:
ii  libsasl2-modules  2.1.23.dfsg1-7  Cyrus SASL - pluggable authenticat

ldap-utils suggests no packages.

-- no debconf information