Comment 10 for bug 1003841

Thorsten Glaser (mirabilos) wrote :

Thanks Andreas, yes, with gnutls-cli from libgnutls26-dbg the issue can be reproduced on wheezy.

Sebastien, I’ve provided debdiffs against the current versions of all packages
in *buntu, not sure what more I can provide. I cannot grant anyone access to
the company’s internal LDAP server, but effectively, if you generate two CA
certificates (#1 and #2) with the same DN and hash, then sign the LDAP server’s
certificate (#3) with #2, not #1, GnuTLS 2.x will not validate it. That should
be sufficient information to reproduce.

Sorry, I’ve been a bit fed up with *buntu issue handling and feel the package
maintainers on the *buntu side could actually do such maintenance tasks by
themselves. I’ve rolled out the packages from the patched source with the
exact patches I applied save the version number (used a local suffix that
sorts lower than any *buntu update) in the company’s internal APT repository
for now.

(Also see the discussion on the gnutls mailing list; the patch was provided
by upstream.)
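
The reproduction described in the comment above can be built as a test fixture with the `openssl` command line. This is an added example, not part of the original comment or of any package's test suite; the DN, host name, file names and function names are constructed, and "hash" is read here as the subject-name hash.

```shell
#!/bin/sh
# Regression fixture: two CA certificates with an identical DN (and thus an
# identical subject-name hash) but different keys, plus a server certificate
# signed by CA #2 only. All names and DNs here are constructed.

CA_SUBJ='/O=Example Corp/CN=Example Internal CA'   # constructed DN, shared by both CAs

make_fixture() {    # $1 = output directory
    mkdir -p "$1" || return 1
    for n in 1 2; do
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
            -subj "$CA_SUBJ" -keyout "$1/ca$n.key" -out "$1/ca$n.pem" \
            2>/dev/null || return 1
    done
    # Certificate #3: the server certificate, issued by CA #2, not CA #1.
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=ldap.example.test' \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca2.pem" -CAkey "$1/ca2.key" \
        -set_serial 3 -days 30 -sha256 -out "$1/server.pem" 2>/dev/null || return 1
    # Trust list with both CAs, CA #1 first, as a client would load it.
    cat "$1/ca1.pem" "$1/ca2.pem" > "$1/bundle.pem"
}

subject_hash() {    # prints the subject-name hash used to index hashed CA directories
    openssl x509 -noout -subject_hash -in "$1"
}

fingerprint() {     # prints the SHA-256 fingerprint, which differs per certificate
    openssl x509 -noout -fingerprint -sha256 -in "$1"
}

verifies_with() {   # $1 = CA file, $2 = certificate; exit status 0 if it chains
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Presenting `server.pem` from a test endpoint and connecting with `gnutls-cli --x509cafile bundle.pem` shows whether the installed GnuTLS build accepts a chain whose issuer is the second of two same-DN CAs.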