[Bug 257153] [NEW] "TLS: peer cert untrusted or revoked (0x82)" error in Hardy's version of ldap-utils
Karl M. Davis
karl at davisonlinehome.name
Tue Aug 12 02:37:16 BST 2008
Public bug reported:
Binary package hint: ldap-utils
When trying to run ldapsearch against my local LDAP server, I receive the following error (simplified):
TLS: peer cert untrusted or revoked (0x82)
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
However, if I try the same operation from a 6.06 box I've got, it works fine. Here's the command:
ldapsearch -H ldaps://mydomain.name -d 99
Here's the only option I've got set in /etc/ldap/ldap.conf:
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
Please note that connecting via openssl to the same LDAP server seems to work just fine (even from the Hardy box):
openssl s_client -connect mydomain.name:636 -showcerts -CAfile /etc/ssl/certs/ca-certificates.crt
From what I've read, I'm guessing this has something to do with the
switch to gnutls in Hardy. If it makes any difference, my SSL
certificate is one of the cheap ones from GoDaddy (pain in the ass to
get working, by the way).
I've attached the standard and debug output from the ldapsearch command. If I specify the following option in my /etc/ldap/ldap.conf file, I can connect just fine:
TLS_REQCERT allow
My Hardy 8.04.1 box has ldap-utils v2.4.9-0ubuntu0.8.04.1 installed,
along with libgnutls v2.0.4-1ubuntu2.1. Please let me know if you need
any further information.
** Affects: openldap2.3 (Ubuntu)
Importance: Undecided
Status: New
--
"TLS: peer cert untrusted or revoked (0x82)" error in Hardy's version of ldap-utils
https://bugs.launchpad.net/bugs/257153
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap2.3 in ubuntu.
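
The report's workaround, `TLS_REQCERT allow`, lets the session proceed even when the server certificate fails verification. The following is an added example, not part of the original report or of OpenLDAP: a shell check that classifies the `TLS_REQCERT` level in a client `ldap.conf`. The function names and the sample files are constructed for illustration, and it assumes that the last `TLS_REQCERT` line in a file is the one that takes effect.

```shell
#!/bin/sh
# Added example: classify the TLS_REQCERT level in an OpenLDAP client config.
# Levels per ldap.conf(5): never, allow, try, demand, hard (default: demand).

# Print the TLS_REQCERT level set in file $1 ("demand" when it is unset).
# Keywords are matched case-insensitively and '#' comment lines are skipped.
# Assumption: when the option appears more than once, the last line wins.
reqcert_level() {
    awk '
        /^[ \t]*#/ { next }
        toupper($1) == "TLS_REQCERT" { level = tolower($2) }
        END { print (level == "" ? "demand" : level) }
    ' "$1"
}

# Return 0 when a bad server certificate ends the session,
# 1 when the session proceeds anyway, 2 for an unrecognised level.
audit_ldap_conf() {
    level=$(reqcert_level "$1")
    case "$level" in
        demand|hard|try)
            echo "OK: $1: TLS_REQCERT $level (bad certificate ends the session)"
            return 0 ;;
        allow|never)
            echo "WEAK: $1: TLS_REQCERT $level (bad certificate is accepted)"
            return 1 ;;
        *)
            echo "UNKNOWN: $1: TLS_REQCERT $level"
            return 2 ;;
    esac
}

# Constructed sample configs (not copied from the reporter's machine).
demo_dir=$(mktemp -d)
printf 'TLS_CACERT /etc/ssl/certs/ca-certificates.crt\n' \
    > "$demo_dir/strict.conf"
printf 'TLS_CACERT /etc/ssl/certs/ca-certificates.crt\nTLS_REQCERT allow\n' \
    > "$demo_dir/workaround.conf"

audit_ldap_conf "$demo_dir/strict.conf" || true
audit_ldap_conf "$demo_dir/workaround.conf" || true
```

To audit a real client, call `audit_ldap_conf /etc/ldap/ldap.conf`; per-user files such as `~/.ldaprc` can carry their own `TLS_REQCERT` line and need the same check.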