[Bug 257153] [NEW] "TLS: peer cert untrusted or revoked (0x82)" error in Hardy's version of ldap-utils

Karl M. Davis karl at davisonlinehome.name
Tue Aug 12 02:37:16 BST 2008

Public bug reported:

Binary package hint: ldap-utils

When trying to run ldapsearch against my local LDAP server, I receive the following error (simplified):
TLS: peer cert untrusted or revoked (0x82)
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

However, if I try the same operation from a 6.06 box I've got, it works fine.  Here's the command:
ldapsearch -H ldaps://mydomain.name -d 99

Here's the only option I've got set in /etc/ldap/ldap.conf:
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt

Please note that connecting via openssl to the same LDAP server seems to work just fine (even from the Hardy box):
openssl s_client -connect mydomain.name:636 -showcerts -CAfile /etc/ssl/certs/ca-certificates.crt

From what I've read, I'm guessing this has something to do with the
switch to gnutls in Hardy.  If it makes any difference, my SSL
certificate is one of the cheap ones from GoDaddy (pain in the ass to
get working, by the way).

I've attached the standard and debug output from the ldapsearch command.  If I specify the following option in my /etc/ldap/ldap.conf file, I can connect just fine:
TLS_REQCERT    allow

My Hardy 8.04.1 box has ldap-utils v2.4.9-0ubuntu0.8.04.1 installed,
along with libgnutls v2.0.4-1ubuntu2.1.  Please let me know if you need
any further information.

** Affects: openldap2.3 (Ubuntu)
     Importance: Undecided
         Status: New
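
As an added diagnostic example (not part of the bug report), the following shell script builds a throwaway root / intermediate / leaf certificate chain with openssl(1) and shows that the leaf verifies only when the intermediate is available to the client; a server that sends just its leaf while the client trusts only the root CA bundle produces exactly this kind of "untrusted" result. All subject names and paths are invented, and openssl(1) is the only dependency.

```shell
#!/bin/sh
# Added example (not from the bug report): build a root -> intermediate -> leaf
# chain with throwaway keys and show that the leaf only verifies when the
# intermediate is available to the verifier. All names here are made up and
# everything is written to a scratch directory.
set -e
WORK=$(mktemp -d)
SUBJ_ROOT="/CN=Example Root CA"
SUBJ_INT="/CN=Example Intermediate CA"
SUBJ_LEAF="/CN=ldap.example.test"

build_chain() {
    # self-signed root CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$SUBJ_ROOT" \
        -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
    # intermediate CA, signed by the root and explicitly marked as a CA
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > "$WORK/ca.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ_INT" \
        -keyout "$WORK/int.key" -out "$WORK/int.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$WORK/int.csr" -CA "$WORK/root.pem" \
        -CAkey "$WORK/root.key" -CAcreateserial -extfile "$WORK/ca.ext" \
        -out "$WORK/int.pem" 2>/dev/null
    # leaf (server) certificate, signed by the intermediate
    openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ_LEAF" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$WORK/leaf.csr" -CA "$WORK/int.pem" \
        -CAkey "$WORK/int.key" -CAcreateserial -out "$WORK/leaf.pem" 2>/dev/null
}

# verify_leaf [-untrusted FILE]: prints "ok" or "fail" for the leaf against the root
verify_leaf() {
    if openssl verify -CAfile "$WORK/root.pem" "$@" "$WORK/leaf.pem" 2>/dev/null \
        | grep -q ': OK$'; then
        echo ok
    else
        echo fail
    fi
}

build_chain
# Root trusted, intermediate missing: the situation of a client that trusts
# the CA bundle while the server sends only its own certificate.
echo "leaf only:            $(verify_leaf)"
# Intermediate supplied (by the server's chain or the TLS_CACERT bundle): verifies.
echo "leaf + intermediate:  $(verify_leaf -untrusted "$WORK/int.pem")"
```

Note that openssl s_client completes the handshake even when verification fails and only reports the outcome in its "Verify return code" line, so a connection that "works" there does not by itself show the chain is trusted. TLS_REQCERT allow likewise lets ldapsearch proceed when the server certificate cannot be verified, which hides the chain problem rather than fixing it.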
