Package: libgnutls26
Severity: important
Version: 2.12.20-1

I just upgraded a test server from squeeze to wheezy.

The server had working LDAP authentication before the upgrade.

After the upgrade, LDAP authentication not working, no login possible.

Checking with ldapclient -d 3, I discovered this error:

  TLS: peer cert untrusted or revoked (0x102)
  TLS: can't connect: (unknown error code).

Adding `TLS_REQCERT allow' to /etc/ldap/ldap.conf makes a workaround and ldapclient works.

I suspect that GnuTLS is now more strict about something - however, this is a very bad way to find out.

Specifically, my server uses a 4096 bit RSA cert signed by CACert.org.

The CACert.org class 3 root is 4096 with SHA256.

The CACert.org class 1 root is 4096 md5WithRSAEncryption.

My client machine has a copy of both roots locally, but I'm guessing it is getting stuck on the MD5 issue.

I tried setting TLS_CIPHER_SUITE but couldn't find any value that works.

At the very least, gnutls should give more detail for those unable to guess what might be broken.

More importantly, it would be nice to have it work because it has the class 3 (intermediate) root certificate locally; in such situations, the md5 signature on the ultimate root is not so important.