"TLS: peer cert untrusted or revoked (0x82)" error in Hardy's version of ldap-utils
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openldap (Ubuntu) | Expired | Medium | Unassigned |
Bug Description
Binary package hint: ldap-utils
When trying to run ldapsearch against my local LDAP server, I receive the following error (simplified):
TLS: peer cert untrusted or revoked (0x82)
ldap_sasl_
However, if I try the same operation from a 6.06 box I've got, it works fine. Here's the command:
ldapsearch -H ldaps:/
Here's the only option I've got set in /etc/ldap/
TLS_CACERT /etc/ssl/
Please note that connecting via openssl to the same LDAP server seems to work just fine (even from the Hardy box):
openssl s_client -connect mydomain.name:636 -showcerts -CAfile /etc/ssl/
From what I've read, I'm guessing this has something to do with the switch to gnutls in Hardy. If it makes any difference, my SSL certificate is one of the cheap ones from GoDaddy (pain in the ass to get working, by the way).
I've attached the standard and debug output from the ldapsearch command. If I specify the following option in my /etc/ldap/ldap.conf file, I can connect just fine:
TLS_REQCERT allow
My Hardy 8.04.1 box has ldap-utils v2.4.9-
I am seeing this same issue. Let me know if there is any information I can provide that would be helpful, but my output is basically the same as what Karl has already posted.
And for those interested, you can work around the issue with the following option in ldap.conf:
TLS_REQCERT allow
...however, this is insecure as it ignores certificate verification errors and just continues with the connection anyway.
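The two posts above leave the security point implicit: `TLS_REQCERT allow` (like `try` and `never`) tells the client to proceed even when the server certificate cannot be verified, whereas the default `demand` aborts the connection, which is what produced the 0x82 error in the first place. The following shell function is an added example, not part of the bug report or of the ldap-utils package: it audits an ldap.conf file for a weakened `TLS_REQCERT` setting so that a workaround like the one posted here does not silently survive past the troubleshooting session. The sample configuration files it creates are constructed for the demonstration; the `TLS_CACERT` path in them is a placeholder, not the reporter's.

```shell
#!/bin/sh
# Added example (not from the bug report): audit an OpenLDAP client
# configuration for a TLS_REQCERT value that weakens or disables server
# certificate verification.
#
# OpenLDAP 2.4 ldap.conf semantics (man ldap.conf):
#   never  - do not request or check the server certificate
#   allow  - request it, but continue even if it is missing or bad
#   try    - continue if missing, abort only if present and bad
#   demand - abort on any verification failure (the default when unset)
#   hard   - same as demand
#
# Exit status: 0 = verification enforced, 1 = weakened, 2 = unknown value.
audit_ldap_conf() {
    conf="$1"
    # The last TLS_REQCERT directive wins; comment lines start with '#'
    # so their first field never matches the key. Key match is
    # case-insensitive, as in ldap.conf itself.
    val=$(awk 'tolower($1) == "tls_reqcert" { v = $2 } END { print v }' "$conf")
    lower=$(printf '%s' "$val" | tr 'A-Z' 'a-z')
    case "$lower" in
        ""|demand|hard)
            echo "$conf: TLS_REQCERT ${val:-unset (defaults to demand)} - verification enforced"
            return 0 ;;
        allow|try|never)
            echo "$conf: TLS_REQCERT $val - server certificate verification weakened"
            return 1 ;;
        *)
            echo "$conf: unrecognised TLS_REQCERT value '$val'"
            return 2 ;;
    esac
}

# Demonstration on two constructed configs (placeholder CA path, not the
# reporter's). The first mirrors the workaround posted in the bug, the
# second the secure default with the trust problem fixed at the CA level.
weak_conf=$(mktemp)
printf '# constructed sample\nTLS_CACERT /path/to/ca-bundle.pem\nTLS_REQCERT allow\n' > "$weak_conf"
good_conf=$(mktemp)
printf '# constructed sample\nTLS_CACERT /path/to/ca-bundle.pem\nTLS_REQCERT demand\n' > "$good_conf"

audit_ldap_conf "$weak_conf" || :
audit_ldap_conf "$good_conf" || :
rm -f "$weak_conf" "$good_conf"
```

Run it against `/etc/ldap/ldap.conf` (or a user's `~/.ldaprc`) after the incident is over; a non-zero exit is the signal to remove the `allow` line and fix the actual trust failure, typically by pointing `TLS_CACERT` at a bundle that contains the full issuing chain, rather than keep skipping verification.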