[Bug 305264] Re: gnutls regression: failure in certificate chain validation

Steve Langasek steve.langasek at canonical.com
Fri Feb 20 00:54:37 GMT 2009


Further discussion led to the observation that OpenLDAP's gnutls support
is a port of the existing OpenSSL handling, and it's therefore
reasonable for openldap itself to enable the V1 CA cert option in order
to provide feature parity when building with GnuTLS vs. OpenSSL, even if
this is not altogether desirable from a security POV.  I'm therefore
reopening the openldap tasks for those releases where openldap is linked
against GnuTLS.

The upstream discussion also points to regressions in behavior that are
side effects of the change, rather than deliberate security
enhancements, which should therefore be fixed in the gnutls26 package
still - so leaving those tasks open also.

** Changed in: openldap (Ubuntu Jaunty)
   Importance: Undecided => High
     Assignee: (unassigned) => Mathias Gug (mathiaz)
       Status: Invalid => Triaged

** Changed in: openldap (Ubuntu Intrepid)
   Importance: Undecided => High
       Status: Invalid => Triaged

** Changed in: openldap (Ubuntu Hardy)
   Importance: Undecided => High
       Status: Invalid => Triaged

-- 
gnutls regression: failure in certificate chain validation
https://bugs.launchpad.net/bugs/305264
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.


