libgnutls13 rejects ldap server's self-signed certificate
Binary package hint: libgnutls13
Description: Ubuntu 8.04.3 LTS
I have a machine running Ubuntu Hardy which uses a remote LDAP server for authentication and has been working smoothly for about two years now. Today, after upgrading libgnutls13 from 2.0.4-1ubuntu2.3 to 2.0.4-1ubuntu2.5, all the LDAP queries failed. It appeared that gnutls was rejecting the self-signed certificate presented by the LDAP server.
/var/log/auth.log reported these errors: "nscd: nss_ldap: could not search LDAP server - Server is unavailable"
The log on the LDAP server showed incoming connections which would then immediately unbind again.
Doing a standalone ldapsearch against the server resulted in the error: "TLS: peer cert untrusted or revoked (0x42)."
After downgrading libgnutls13 back to version 2.0.4-1ubuntu2.3, the LDAP queries succeeded and users could once again log in to the system. Note, however, that a standalone ldapsearch still gives the error message above.