Further discussion led to the observation that OpenLDAP's gnutls support is a port of the existing OpenSSL handling, and it's therefore reasonable for openldap itself to enable the V1 CA cert option in order to provide feature parity when building with GnuTLS vs. OpenSSL, even if this is not altogether desirable from a security POV. I'm therefore reopening the openldap tasks for those releases where openldap is linked against GnuTLS.
The upstream discussion also points to regressions in behavior that are side effects of the change, rather than deliberate security enhancements, which should therefore be fixed in the gnutls26 package still - so leaving those tasks open also.

** Changed in: openldap (Ubuntu Jaunty)
       Importance: Undecided => High
         Assignee: (unassigned) => Mathias Gug (mathiaz)
           Status: Invalid => Triaged

** Changed in: openldap (Ubuntu Intrepid)
       Importance: Undecided => High
           Status: Invalid => Triaged

** Changed in: openldap (Ubuntu Hardy)
       Importance: Undecided => High
           Status: Invalid => Triaged

-- 
gnutls regression: failure in certificate chain validation
https://bugs.launchpad.net/bugs/305264
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs