A bug has been found in libldap code that interferes with the value of "require cert" option. It affects libldap built with GnuTLS, as is done in packages supplied by Ubuntu and Debian. The bug causes the value to be read from previously freed memory, often resulting in incorrect or random value being used. This bug has been fixed upstream by the OpenLDAP team, but the fix has not yet been backported to Ubuntu.
Bug 1557248 https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1557248 The problem you describe may be caused by this bug, or by an unrelated problem. However, in any case Ubuntu libldap packages currently in wily and xenial do not handle "require cert" option correctly. With this in mind, may I ask that you vote for bug 1557248 in order for it to get noticed by Ubuntu maintainers. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1547927 Title: LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1547927/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
