Bug#514578: LDAP STARTTLS is broken

2009-02-15 Thread Simon Josefsson
Witold Baryluk writes: > On 02-13 16:01, Simon Josefsson wrote: > > Can provide any logs if needed. >> >> Please do (gnutls-cli --print-cert -d 4711 against your server). A >> trusted root CA certificate signed with RSA-MD5 should not cause any >> problems. Only intermediate non-trusted certi

Bug#514578: LDAP STARTTLS is broken

2009-02-13 Thread Witold Baryluk
On 02-13 16:01, Simon Josefsson wrote: > Can provide any logs if needed. > > Please do (gnutls-cli --print-cert -d 4711 against your server). A > trusted root CA certificate signed with RSA-MD5 should not cause any > problems. Only intermediate non-trusted certificates signed with > RSA-MD5 sho

Bug#514578: LDAP STARTTLS is broken

2009-02-13 Thread Simon Josefsson
Witold Baryluk writes: > On 02-12 21:24, Simon Josefsson wrote: >> Witold Baryluk writes: >> >> > I had the same problem today with 2.4.2-5, >> > on my Lenny boxes. 2.4.2-6 also doesn't work. Reverted not to 2.4.2-4. >> > >> > I will regenerate all certificates but this bug is quite invasive. >

Bug#514578: LDAP STARTTLS is broken

2009-02-13 Thread Witold Baryluk
On 02-12 21:24, Simon Josefsson wrote: > Witold Baryluk writes: > > > I had the same problem today with 2.4.2-5, > > on my Lenny boxes. 2.4.2-6 also doesn't work. Reverted not to 2.4.2-4. > > > > I will regenerate all certificates but this bug is quite invasive. > > Maybe there should be some fla

Bug#514578: LDAP STARTTLS is broken

2009-02-12 Thread Simon Josefsson
Witold Baryluk writes: > I had the same problem today with 2.4.2-5, > on my Lenny boxes. 2.4.2-6 also doesn't work. Reverted not to 2.4.2-4. > > I will regenerate all certificates but this bug is quite invasive. > Maybe there should be some flags in configuration, or more verbose > information ab

Bug#514578: LDAP STARTTLS is broken

2009-02-12 Thread Witold Baryluk
Package: libgnutls26 Followup-For: Bug #514578 I had the same problem today with 2.4.2-5, on my Lenny boxes. 2.4.2-6 also doesn't work. Reverted not to 2.4.2-4. I will regenerate all certificates but this bug is quite invasive. Maybe there should be some flags in configuration, or more verbose i

Bug#514578: LDAP STARTTLS is broken

2009-02-12 Thread Simon Josefsson
Brian May writes: >> Not impossible, maybe you could try downgrade openldap and see if you >> can reproduce it? >> > > Unfortunately not, I believe upgrading slapd resulted in the > database format being upgraded at the same time. Ouch. Ok, thanks for your feedback, I think we'll just have

Bug#514578: LDAP STARTTLS is broken

2009-02-12 Thread Brian May
Simon Josefsson wrote: Do you recall which version you upgraded to in step 1? Maybe it was an older version, which didn't have the fixes. The latest version in Etch to the latest version in Lenny. I didn't go past Lenny. Not impossible, maybe you could try downgrade openldap and see if

Bug#514578: LDAP STARTTLS is broken

2009-02-12 Thread Simon Josefsson
Brian May writes: > Simon Josefsson wrote: >> Can you provide more details what "works" and "not work" actually means >> for you? Output from gnutls-cli with -d 4711 and --print-cert helps. >> The original failure in this bug report is the intended and documented >> behaviour, so if you really a

Bug#514578: LDAP STARTTLS is broken

2009-02-11 Thread Brian May
Simon Josefsson wrote: Can you provide more details what "works" and "not work" actually means for you? Output from gnutls-cli with -d 4711 and --print-cert helps. The original failure in this bug report is the intended and documented behaviour, so if you really are seeing the same problem, the

Bug#514578: LDAP STARTTLS is broken

2009-02-11 Thread Simon Josefsson
Brian May writes: > Brian May wrote: >> I consider this fix as very important (I will need it on most of my >> Lenny installations), and I'd rather not be using an old unsupported >> version from unstable if/when security fixes came out for Lenny... > > I downgraded to version 2.4.2-5 and it still w

Bug#514578: LDAP STARTTLS is broken

2009-02-10 Thread Brian May
Brian May wrote: I consider this fix as very important (I will need it on most of my Lenny installations), and I'd rather not be using an old unsupported version from unstable if/when security fixes came out for Lenny... I downgraded to version 2.4.2-5 and it still works. Weird. Furthermore, on

Bug#514578: LDAP STARTTLS is broken

2009-02-10 Thread Brian May
Simon Josefsson wrote: Are you using gnutls 2.4.2-6 from unstable? It should be fixed in that version. It is not fixed in 2.4.2-5 (in testing), I believe. That looks a lot better... Any chance of getting this into Lenny? I consider this fix as very important (I will need it on most of my

Bug#514578: LDAP STARTTLS is broken

2009-02-10 Thread Simon Josefsson
Brian May writes: > Hello, > > This appears to break LDAP that uses cacert's class 3 certificate[1]. > > More information at > > From a previous report "you need to trust an intermediary certificate" > - I already do just that, but it doesn't w

Bug#514578: LDAP STARTTLS is broken

2009-02-09 Thread Brian May
Hello, This appears to break LDAP that uses cacert's class 3 certificate[1]. More information at From a previous report "you need to trust an intermediary certificate" - I already do just that, but it doesn't work. As such, I don't believe th