Severity: critical
I have attempted to raise the severity of bug#231196 since there are other TLS/SSL issues queueing up in the bug list eg. #234583 and the original #205452 reporting lost TLS features following the patch that replaced openssl with gnutls in the openldap source. So far no response from the package maintainers on these issues. If you are going to patch a package downstream without using upstream resources to verify that the patch has not clobbered documented behaviours then you are going to have to be more vigilant to bug reports on the package. The alternative is to have the patch accepted upstream which means doing the hard yards to get it working correctly. Along with offering two versions of this package one that is openssl dependant and one that is gnutls dependant in the meantime so that users who are relying on ldap . cheers, greg burley ########################################################################## This e-mail is for the use of the intended recipient(s) only. If you have received this e-mail in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not use, disclose or distribute this e-mail without the author's prior permission. We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message. We cannot accept liability for any loss or damage caused by software viruses. ##########################################################################
