Debian Bug report logs - #560161
php5-ldap: LDAPS and LDAP+TLS return error on valid wildcard certificate check

Package: php5-ldap; Maintainer for php5-ldap is (unknown);

Reported by: "Clement Hermann (nodens)" <clement.hermann@free.fr>

Date: Wed, 9 Dec 2009 11:45:01 UTC

Severity: normal

Fixed in versions php5/5.4.4-7, 5.4.4-14

Done: Ondřej Surý <ondrej@sury.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#560161; Package php5-ldap. (Wed, 09 Dec 2009 11:45:04 GMT)


Acknowledgement sent to "Clement Hermann (nodens)" <clement.hermann@free.fr>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Wed, 09 Dec 2009 11:45:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: "Clement Hermann (nodens)" <clement.hermann@free.fr>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php5-ldap: LDAPS and LDAP+TLS return error on valid wildcard certificate check
Date: Wed, 09 Dec 2009 12:34:32 +0100
Package: php5-ldap
Severity: normal

Hi,

php5-ldap returns an error on bind when server is using a wildcard
SSL certificate, even when the certificate is valid. ldapsearch works
OK on the same certificate.

Workaround: add TLS_REQCERT never in ldap.conf (but then you cannot
verify that you are connecting to the right server), or use a simple
(non-wildcard) certificate.

This is probably an upstream bug (see
http://bugs.php.net/bug.php?id=17738), but the relevant bug is
currently in "no feedback" state so maybe it could be re-opened as a new bug.
(I don't have any php version supported upstream readily available that
can connect to an ldaps server with a wildcard cert, so I did not report
it upstream).

Cheers,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'sid'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
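
Added example, not part of the original report and not Debian, PHP or OpenLDAP code: a small audit for the workaround described above, which flags TLS_REQCERT levels in an ldap.conf (or in the LDAPTLS_REQCERT environment variable) that let a session continue without a verified server certificate. The sample configuration, host name and function names are constructed for illustration; the level names are those documented in ldap.conf(5).

```python
# Added example: audit OpenLDAP client settings for the TLS_REQCERT workaround.
# Level names follow ldap.conf(5); "demand" (alias "hard") is the default.
WEAK_LEVELS = {"never", "allow"}    # session continues despite a bad server cert
STRICT_LEVELS = {"try", "demand", "hard"}  # a bad server cert ends the session

# Constructed sample input, not taken from the bug report.
SAMPLE_CONF = """\
# client defaults
URI ldaps://ldap.example.org
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT never
"""


def classify(level):
    """Map a TLS_REQCERT level to 'weak', 'ok' or 'unknown'."""
    level = level.strip().lower()
    if level in WEAK_LEVELS:
        return "weak"
    return "ok" if level in STRICT_LEVELS else "unknown"


def audit_ldap_conf(text, source="ldap.conf"):
    """Return (source, line_no, level, verdict) for every TLS_REQCERT line."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if parts[0].upper() != "TLS_REQCERT":
            continue  # option names are matched case-insensitively
        level = parts[1].strip().lower() if len(parts) > 1 else ""
        findings.append((source, line_no, level, classify(level)))
    return findings


def audit_environment(env):
    """libldap also accepts the option as LDAPTLS_REQCERT in the environment."""
    level = env.get("LDAPTLS_REQCERT", "").strip().lower()
    if not level:
        return []
    return [("env:LDAPTLS_REQCERT", 0, level, classify(level))]


if __name__ == "__main__":
    import os
    for finding in audit_ldap_conf(SAMPLE_CONF) + audit_environment(os.environ):
        print(finding)
```

A "weak" finding means the client is in the state the report warns about: the connection succeeds, but the server's identity is not verified.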




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#560161; Package php5-ldap. (Thu, 10 Dec 2009 02:36:03 GMT)


Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Thu, 10 Dec 2009 02:36:03 GMT)


Message #10 received at 560161@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: "Clement Hermann (nodens)" <clement.hermann@free.fr>, 560161@bugs.debian.org
Cc: 427849-submitter@bugs.debian.org
Subject: Re: [php-maint] Bug#560161: php5-ldap: LDAPS and LDAP+TLS return error on valid wildcard certificate check
Date: Wed, 9 Dec 2009 20:34:07 -0600

Hi,

2009/12/9 Clement Hermann (nodens) <clement.hermann@free.fr>:
> Package: php5-ldap
> Severity: normal
>
> Hi,
>
> php5-ldap returns an error on bind when server is using a wildcard
> SSL certificate, even when the certificate is valid. ldapsearch works
> OK on the same certificate.
>
> Workaround: add TLS_REQCERT never in ldap.conf (but then you cannot
> verify that you are connecting to the right server), or use a simple
> (non-wildcard) certificate.
>
> This is probably an upstream bug (see
> http://bugs.php.net/bug.php?id=17738), but the relevant bug is
> currently in "no feedback" state so maybe it could be re-opened as a new bug.
> (I don't have any php version supported upstream readily available that
> can connect to an ldaps server with a wildcard cert, so I did not report
> it upstream).
>

Please do report it to upstream as this is not a Debian-specific bug
and chances are that it is going to be fixed sooner if reported there.

CC'ing 427849 as it might be the same problem (and explain why when I
tested it worked).

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net




Reply sent to Ondřej Surý <ondrej@sury.org>:
You have taken responsibility. (Fri, 04 Jul 2014 14:33:05 GMT)


Notification sent to "Clement Hermann (nodens)" <clement.hermann@free.fr>:
Bug acknowledged by developer. (Fri, 04 Jul 2014 14:33:05 GMT)


Message #15 received at 560161-done@bugs.debian.org:

From: Ondřej Surý <ondrej@sury.org>
To: 560161-done@bugs.debian.org
Subject: Re: Closing bugs filled against php5 in oldstable
Date: Fri, 04 Jul 2014 16:30:56 +0200
Version: 5.4.4-14

On Fri, Jul 4, 2014, at 14:09, Ondřej Surý wrote:
> Version: 5.4.4-14
> 
> Hey all,
> 
> I am closing the bugs that were filed against php5 5.3 in Debian
> oldstable (well and earlier)...
> 
> Feel free to reopen the bug if you can reproduce it with php5 from
> current stable Debian release.
> 
> Cheers,
> -- 
> Ondřej Surý <ondrej@sury.org>
> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server


-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server



Marked as fixed in versions php5/5.4.4-7. Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Wed, 09 Jul 2014 09:03:18 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 07 Aug 2014 07:33:10 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 03:37:56 2023; Machine Name: buxtehude
