(regression) cannot contact ldaps server
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
gnutls13 (Ubuntu) | Invalid | Undecided | Unassigned | |
Hardy | Fix Released | Undecided | Unassigned | |
Lucid | Invalid | Undecided | Unassigned | |
Oneiric | Invalid | Undecided | Unassigned | |
Precise | Invalid | Undecided | Unassigned | |
gnutls26 (Debian) | Fix Released | Undecided | Unassigned | |
gnutls26 (Ubuntu) | Fix Released | High | Unassigned | |
Lucid | Fix Released | High | Unassigned | |
Oneiric | Fix Released | High | Unassigned | |
Precise | Fix Released | High | Unassigned | |
Bug Description
Impact:
gnutls-cli (linked with libgnutls26, like the OpenLDAP client libraries) cannot contact our LDAP server securely in precise.
Test case:
If you generate two CA certificates (#1 and #2) with the same DN and hash, then sign the LDAP server’s certificate (#3) with #2, not #1, GnuTLS 2.x will not validate it.
Regression potential:
The fix is coming from upstream and is available in Debian.
---
Hi,
while trying to debug NSS with LDAP and SSL (not LP#423252 because it failed even for nōn-suid programmes) I found that gnutls-cli (linked with libgnutls26, like the OpenLDAP client libraries) cannot contact our LDAP server securely in precise. More testing resulted in determining this to be a regression between natty and oneiric, still present in precise. I’m in contact with upstream about this already. More information will thus follow.
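The test case above, modelled as an added example (not GnuTLS code and not part of the report). It assumes the failure comes from an issuer lookup that stops at the first trusted CA whose subject DN matches, which the page does not state, and it uses HMAC as a stand-in for a real public-key signature; all names and sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str      # subject DN
    issuer: str       # issuer DN
    key: bytes        # stand-in for the certificate's key (model only)
    sig: bytes = b""  # issuer's "signature" over subject + key


def _mac(ca, subject, key):
    # HMAC stands in for a public-key signature; this is a model, not X.509.
    return hmac.new(ca.key, subject.encode() + b"|" + key, hashlib.sha256).digest()


def sign(ca, subject, key):
    """Issue a certificate for `subject`, signed by `ca`."""
    return Cert(subject, ca.subject, key, _mac(ca, subject, key))


def signed_by(cert, ca):
    return hmac.compare_digest(cert.sig, _mac(ca, cert.subject, cert.key))


def verify_first_match(cert, trusted):
    """Assumed failing behaviour: only the first CA with a matching DN is tried."""
    for ca in trusted:
        if ca.subject == cert.issuer:
            return signed_by(cert, ca)
    return False


def verify_all_candidates(cert, trusted):
    """Try every trusted CA whose DN matches before rejecting the certificate."""
    return any(signed_by(cert, ca) for ca in trusted if ca.subject == cert.issuer)


# Constructed sample data mirroring the test case: CA #1 and CA #2 share one DN.
DN = "CN=Example CA,O=Example"
CA1 = Cert(DN, DN, b"key-of-ca-1")
CA2 = Cert(DN, DN, b"key-of-ca-2")
SERVER = sign(CA2, "CN=ldap.example.org", b"key-of-server")  # certificate #3

if __name__ == "__main__":
    for order in ([CA1, CA2], [CA2, CA1]):
        print(verify_first_match(SERVER, order), verify_all_candidates(SERVER, order))
```

In this model the first-match lookup depends on the order of the trust store, while the exhaustive lookup does not; a certificate signed by an untrusted CA that reuses the same DN is still rejected by both.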
Changed in gnutls26 (Ubuntu):
importance: Undecided → High
Changed in gnutls26 (Debian):
status: New → Fix Released
Changed in gnutls26 (Ubuntu Precise):
importance: Undecided → High
Changed in gnutls26 (Ubuntu Precise):
status: New → Fix Committed
description: updated
Changed in gnutls26 (Ubuntu Precise):
milestone: none → ubuntu-12.04.1
tags: added: verification-done
Upstream provided a fix, and I’ve built a package with the fix and tested it. First for oneiric…