Debian Bug report logs - #477396
slapd: TLS Connections fail when using valid wildcard certificate and compiled against gnutls

version graph

Package: slapd; Maintainer for slapd is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Source for slapd is src:openldap.

Reported by: Ben Goldsbury <debian_bug_reports@gleim.com>

Date: Tue, 22 Apr 2008 22:00:06 UTC

Severity: important

Found in version openldap2.3/2.4.7-6.1

Done: Matthijs Mohlmann <matthijs@cacholong.nl>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#477396; Package slapd. Full text and rfc822 format available.

Acknowledgement sent to Ben Goldsbury <debian_bug_reports@gleim.com>:
New Bug report received and forwarded. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Ben Goldsbury <debian_bug_reports@gleim.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: slapd: TLS Connections fail when using valid wildcard certificate and compiled against gnutls
Date: Tue, 22 Apr 2008 17:53:59 -0400
Package: slapd
Version: 2.4.7-6.1
Severity: important


When using a valid wildcard certificate, clients fail to connect to the ldap server with the error:
TLS certificate verification: Error, unable to get local issuer certificate

Without changing the configuration, and reverting to slapd 2.3 (from Etch), clients work fine with this certificate.

I also grabbed the openldap source package and recompiled it against openssl (instead of gnutls) and it worked fine with the same configuration.

This is my first bug report.  I'll be happy to provide any additional information you may require to investigate.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-xen-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages slapd depends on:
ii  adduser                  3.107           add and remove users and groups
ii  coreutils                6.10-3          The GNU core utilities
ii  debconf [debconf-2.0]    1.5.20          Debian configuration management sy
ii  libc6                    2.7-10          GNU C Library: Shared libraries
ii  libdb4.2                 4.2.52+dfsg-4   Berkeley v4.2 Database Libraries [
ii  libgnutls26              2.2.2-1         the GNU TLS library - runtime libr
ii  libldap-2.4-2            2.4.7-6.1       OpenLDAP libraries
ii  libltdl3                 1.5.26-3        A system independent dlopen wrappe
ii  libperl5.8               5.8.8-12        Shared Perl library
ii  libsasl2-2               2.1.22.dfsg1-18 Cyrus SASL - authentication abstra
ii  libslp1                  1.2.1-7.2       OpenSLP libraries
ii  libwrap0                 7.6.q-15        Wietse Venema's TCP wrappers libra
ii  perl [libmime-base64-per 5.8.8-12        Larry Wall's Practical Extraction 
ii  psmisc                   22.6-1          Utilities that use the proc filesy
ii  unixodbc                 2.2.11-16       ODBC tools libraries

Versions of packages slapd recommends:
ii  libsasl2-modules         2.1.22.dfsg1-18 Cyrus SASL - pluggable authenticat

-- debconf information excluded




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#477396; Package slapd. Full text and rfc822 format available.

Acknowledgement sent to <debian_bug_reports@gleim.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 477396@bugs.debian.org (full text, mbox):

From: <debian_bug_reports@gleim.com>
To: <477396@bugs.debian.org>
Subject: Re: 477396
Date: Mon, 19 May 2008 08:10:48 -0400 (EDT)
After more work I was able to reproduce this using the GnuTLS command line tools.  You can close this bug, I will be submitting a new one to the GnuTLS team.

Thank you.




Reply sent to Matthijs Mohlmann <matthijs@cacholong.nl>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Ben Goldsbury <debian_bug_reports@gleim.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 477396-done@bugs.debian.org (full text, mbox):

From: Matthijs Mohlmann <matthijs@cacholong.nl>
To: 477396-done@bugs.debian.org
Subject: Re: slapd: TLS Connections fail when using valid wildcard certificate and, compiled against gnutls
Date: Mon, 26 May 2008 23:12:57 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Closing on request by submitter.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIOyfZ2n1ROIkXqbARAv3DAJ0YZI//WSsF5z7kkG9gCC2ZSDdZswCfZ3S0
gO5mDyMUmZNPsp3qix2J/Sc=
=Wvkp
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 24 Jun 2008 07:38:17 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 16:38:14 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.