Thanks Andreas, yes, with gnutls-cli from libgnutls26-dbg the issue can
be reproduced on wheezy.

Sebastien, I’ve provided debdiffs against the current versions of all packages
in *buntu, not sure what more I can provide. I cannot grant anyone access to
the company’s internal LDAP server, but effectively, if you generate two CA
certificates (#1 and #2) with the same DN and hash, then sign the LDAP server’s
certificate (#3) with #2, not #1, GnuTLS 2.x will not validate it. That should
be sufficient information to reproduce.

Sorry, I’ve been a bit fed up with *buntu issue handling and feel the package
maintainers on the *buntu side could actually do such maintenance tasks by
themselves. I’ve rolled out the packages from the patched source with the
exact patches I applied save the version number (used a local suffix that
sorts lower than any *buntu update) in the company’s internal APT repository
for now.

(Also see the discussion on the gnutls mailing list; the patch was provided
by upstream.)

-- 
https://bugs.launchpad.net/bugs/1003841

Title:
  (regression) cannot contact ldaps server
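
The reproduction case from the message above (two CA certificates with the same DN, server certificate signed by #2), modelled as an added example that is not part of the original message and is not GnuTLS code. It assumes the failure comes from a verifier that stops at the first trust anchor whose DN matches; the message states only the symptom, and HMAC stands in for real signatures. All names and keys are constructed.

```python
# Added illustration: a model of trust-anchor lookup, not GnuTLS code.
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str      # subject DN
    issuer: str       # issuer DN
    key: bytes        # stand-in for the subject's key pair
    sig: bytes = b""  # stand-in signature over the to-be-signed fields

    def tbs(self) -> bytes:
        return f"{self.subject}|{self.issuer}".encode() + b"|" + self.key


def sign(cert: Cert, issuer_key: bytes) -> Cert:
    # HMAC stands in for a real signature so the model needs no crypto library.
    mac = hmac.new(issuer_key, cert.tbs(), hashlib.sha256).digest()
    return Cert(cert.subject, cert.issuer, cert.key, mac)


def signed_by(cert: Cert, ca: Cert) -> bool:
    expected = hmac.new(ca.key, cert.tbs(), hashlib.sha256).digest()
    return hmac.compare_digest(cert.sig, expected)


def verify_first_match(cert, anchors):
    """Assumed failing behaviour: stop at the first anchor whose DN matches."""
    for ca in anchors:
        if ca.subject == cert.issuer:
            return signed_by(cert, ca)
    return False


def verify_all_candidates(cert, anchors):
    """Try every anchor with a matching DN; accept if any signature verifies."""
    return any(ca.subject == cert.issuer and signed_by(cert, ca) for ca in anchors)


# Constructed sample data: two CAs sharing one DN, server cert signed by #2.
DN = "CN=Constructed Internal CA,O=Example"
ca1 = sign(Cert(DN, DN, b"ca-key-1"), b"ca-key-1")
ca2 = sign(Cert(DN, DN, b"ca-key-2"), b"ca-key-2")
server = sign(Cert("CN=ldap.example.test", DN, b"server-key"), ca2.key)

if __name__ == "__main__":
    for name, fn in (("first match", verify_first_match), ("all candidates", verify_all_candidates)):
        print(f"{name}: [#1,#2] -> {fn(server, [ca1, ca2])}, [#2,#1] -> {fn(server, [ca2, ca1])}")
```

In this model the first-match verifier rejects the server certificate only when #1 precedes #2 in the trust list, which is why a same-DN CA rollover is a useful regression case for any chain verifier.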
