Package: gnutls
Severity: normal

After many hours of investigating why ldapsearch was failing when
using the ldaps:// method, I found that GNUTLS will, sometimes, scan
files in /etc/ssl/certs looking to verify a certificate chain.

When GNUTLS encounters a file that it can't read, it doesn't issue
a warning and ignore it (or just ignore it); it hard fails the
verification!

There are at least three packages in Debian that cause this problem:
telnetd-ssl, ftpd-ssl, ejabberd - and I'll wager there are (and/or will
be) more in the future.

Bugs have been filed against these packages because of this (and that
their certificates also included the key)...  but GNUTLS could easily
handle this problem much more gracefully.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
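
A check an administrator could run against the directory described in the report above. This is an added example, not part of the original report and not GnuTLS or Debian code; the function names, file names and sample contents are constructed for illustration, and it assumes a `find` that supports `-maxdepth` (GNU or BSD).

```shell
#!/bin/sh
# Audit a CA directory for the two conditions named in the report:
#   1. entries that are not world-readable, so an unprivileged TLS
#      client scanning the directory cannot open them
#   2. "certificate" files that also carry a private key
# Prints one finding per line; returns 1 if anything was found.
audit_cert_dir() {
    dir=$1
    found=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue      # dangling symlink or empty glob
        [ -f "$f" ] || continue      # regular files only (symlinks followed)
        # Look at the mode bits rather than `test -r`, so the result is
        # the same when the audit itself runs as root.
        if [ -z "$(find -L "$f" -maxdepth 0 -perm -004)" ]; then
            echo "NOT-WORLD-READABLE $f"
            found=1
        fi
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null; then
            echo "CONTAINS-PRIVATE-KEY $f"
            found=1
        fi
    done
    return $found
}

# Constructed sample directory: PEM marker lines only, no real
# certificates or keys. Prints the path of the directory it created.
make_sample_dir() {
    d=$(mktemp -d)
    echo '-----BEGIN CERTIFICATE-----' > "$d/ca.pem"
    echo '-----BEGIN CERTIFICATE-----' > "$d/locked.pem"
    { echo '-----BEGIN CERTIFICATE-----'
      echo '-----BEGIN RSA PRIVATE KEY-----'; } > "$d/cert-with-key.pem"
    chmod 644 "$d/ca.pem" "$d/cert-with-key.pem"
    chmod 600 "$d/locked.pem"
    echo "$d"
}

# Usage: sh audit.sh /etc/ssl/certs   (no argument: define functions only)
if [ "$#" -gt 0 ]; then audit_cert_dir "$1"; fi
```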

