[Bug 1003841] Re: (regression) cannot contact ldaps server

[Steve Langasek]

** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1003841

Title:
  (regression) cannot contact ldaps server

Status in “gnutls13” package in Ubuntu:
  Invalid
Status in “gnutls26” package in Ubuntu:
  Fix Released
Status in “gnutls13” source package in Lucid:
  Invalid
Status in “gnutls26” source package in Lucid:
  New
Status in “gnutls13” source package in Oneiric:
  Invalid
Status in “gnutls26” source package in Oneiric:
  Fix Committed
Status in “gnutls13” source package in Precise:
  Invalid
Status in “gnutls26” source package in Precise:
  Fix Committed
Status in “gnutls26” package in Debian:
  Fix Released

Bug description:
  Impact:

  gnutls-cli (linked with libgnutls26, like the OpenLDAP client
  libraries) cannot contact our LDAP server securely in precise

  Test case:

  if you generate two CA
  certificates (#1 and #2) with the same DN and hash, then sign the LDAP server’s
  certificate (#3) with #2, not #1, GnuTLS 2.x will not validate it.

  Regression potential:

  the fix is coming from upstream and is available in Debian

  ---

  Hi,

  while trying to debug NSS with LDAP and SSL (not LP#423252 because it
  failed even for nōn-suid programmes) I found that gnutls-cli (linked
  with libgnutls26, like the OpenLDAP client libraries) cannot contact
  our LDAP server securely in precise. More testing resulted in
  determining this to be a regression between natty and oneiric, still
  present in precise. I’m in contact with upstream about this already.
  More information will thus follow.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls13/+bug/1003841/+subscriptions