reassign 465170 libldap-2.4-2
found 465170 2.4.39-1
thanks

Hi,

I confirm this bug in current unstable.

Built against libssl-dev, ldap-utils and slapd (if running in the foreground) automatically prompt for the PEM passphrase; AFAICT that's provided by libssl (SSL_CTX_use_PrivateKey_file) itself.

Built against libgnutls-dev or libgnutls28-dev, the encrypted private key cannot be used, since gnutls doesn't implement a similar automatic prompt. Alex already asked gnutls upstream about this:

http://lists.gnupg.org/pipermail/gnutls-help/2008-May/001293.html

Since gnutls 2.11.1 gnutls_x509_privkey_import already tries PKCS#8 format if the key isn't PEM or DER; and indeed ldapsearch in Debian is already able to use PKCS#8 private keys as long as they aren't encrypted (openssl pkcs -topk8 -nocrypt, or similar).

There's also an open ITS upstream for reading encrypted PKCS#8 keys, last message being "submit a patch":

http://www.openldap.org/its/?findid=7221

The changes to support gnutls_x509_privkey_import_pkcs12 and gnutls_x509_privkey_import_openssl (for the encrypted PEM format) would probably be similar to the ones suggested in that ITS. I guess a password prompt also has to be implemented; I don't see a built-in one in gnutls.

thanks,
Ryan
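
Added example, not part of the original message and not OpenLDAP or GnuTLS code: a Python check that classifies a PEM key file by the formats the message distinguishes (encrypted traditional PEM, encrypted PKCS#8, unencrypted PKCS#8), so an administrator can tell in advance whether a key needs a passphrase. The function name `classify_private_key` and the sample keys (constructed, with dummy bodies) are assumptions.

```python
import re
import sys

# PEM armor: -----BEGIN <label>----- body -----END <label>-----
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S
)
# Traditional (OpenSSL) PEM encryption is flagged by an RFC 1421 header line.
_PROC_TYPE = re.compile(r"^Proc-Type:\s*4,ENCRYPTED", re.M)


def classify_private_key(pem_text):
    """Return (format, needs_passphrase) for the first private key block,
    or (None, False) when the text holds no private key."""
    for label, body in _PEM_BLOCK.findall(pem_text):
        if label == "ENCRYPTED PRIVATE KEY":    # PKCS#8, encrypted
            return ("pkcs8-encrypted", True)
        if label == "PRIVATE KEY":              # PKCS#8, unencrypted
            return ("pkcs8", False)
        if label.endswith(" PRIVATE KEY"):      # RSA/EC/DSA traditional PEM
            if _PROC_TYPE.search(body):
                return ("traditional-encrypted", True)
            return ("traditional", False)
        # Other blocks (e.g. CERTIFICATE) are skipped.
    return (None, False)


# Constructed samples: the base64 bodies are dummies, not real key material.
SAMPLE_TRADITIONAL_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n"
    "\n"
    "AAAAAAAA\n"
    "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_PKCS8_ENCRYPTED = (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAAAAAA\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n"
)
SAMPLE_CERT_THEN_PKCS8 = (
    "-----BEGIN CERTIFICATE-----\nAAAAAAAA\n-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\nAAAAAAAA\n-----END PRIVATE KEY-----\n"
)

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1]) as fh:
        print(classify_private_key(fh.read()))
```
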