Ok, I solved my problem now. My cacert.pem was an x509 v3 certificate, with Signature Algorithm: md5WithRSAEncryption. With that cacert I got a "Verification failed" from the gnutls-cli command (but not from the openssl command as posted above).
After creating a new x509 v3 cacert.pem with Signature Algorithm: sha1WithRSAEncryption, the gnutls-cli command succeeds with "Peer's certificate is trusted", and the ldap authentication works fine now on my Ubuntu 8.04 machine.

Software:

dpkg-query -W -f='${Package} ${Version} ${Source} ${Status}\n' | egrep 'slapd|ldap|gnutls'
gnutls-bin 2.0.4-1ubuntu2.6 gnutls13 install ok installed
ldap-auth-client 0.5  install ok installed
ldap-auth-config 0.5 ldap-auth-client install ok installed
ldap-utils 2.4.9-0ubuntu0.8.04.1 openldap2.3 install ok installed
libcurl3-gnutls 7.18.0-1ubuntu2.2 curl install ok installed
libgnutls13 2.0.4-1ubuntu2.6 gnutls13 install ok installed
libldap-2.4-2 2.4.9-0ubuntu0.8.04.1 openldap2.3 install ok installed
libnss-ldap 258-1ubuntu3  install ok installed
libpam-ldap 184-2ubuntu2  install ok installed

-- 
"TLS: peer cert untrusted or revoked (0x82)" error in Hardy's version of ldap-utils
https://bugs.launchpad.net/bugs/257153