[Bug 1003841] Re: (regression) cannot contact ldaps server

Launchpad Bug Tracker 1003841 at bugs.launchpad.net
Tue Jul 3 20:28:18 UTC 2012 

This bug was fixed in the package gnutls26 - 2.12.14-5ubuntu3.1

---------------
gnutls26 (2.12.14-5ubuntu3.1) precise-proposed; urgency=low

  * Apply upstream patch to fix validation of certificates when more than
    one with the same short hash exists in the CA bundle (LP: #1003841).
 -- Thorsten Glaser <tg at mirbsd.de>   Thu, 24 May 2012 11:19:12 +0200

** Changed in: gnutls26 (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1003841

Title:
  (regression) cannot contact ldaps server

Status in “gnutls13” package in Ubuntu:
  Invalid
Status in “gnutls26” package in Ubuntu:
  Fix Released
Status in “gnutls13” source package in Lucid:
  Invalid
Status in “gnutls26” source package in Lucid:
  New
Status in “gnutls13” source package in Oneiric:
  Invalid
Status in “gnutls26” source package in Oneiric:
  Fix Committed
Status in “gnutls13” source package in Precise:
  Invalid
Status in “gnutls26” source package in Precise:
  Fix Released
Status in “gnutls26” package in Debian:
  Fix Released

Bug description:
  Impact:

  gnutls-cli (linked with libgnutls26, like the OpenLDAP client
  libraries) cannot contact our LDAP server securely in precise

  Test case:

  if you generate two CA
  certificates (#1 and #2) with the same DN and hash, then sign the LDAP server’s
  certificate (#3) with #2, not #1, GnuTLS 2.x will not validate it.

  Regression potential:

  the fix is coming from upstream and is available in Debian

  ---

  Hi,

  while trying to debug NSS with LDAP and SSL (not LP#423252 because it
  failed even for nōn-suid programmes) I found that gnutls-cli (linked
  with libgnutls26, like the OpenLDAP client libraries) cannot contact
  our LDAP server securely in precise. More testing resulted in
  determining this to be a regression between natty and oneiric, still
  present in precise. I’m in contact with upstream about this already.
  More information will thus follow.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls13/+bug/1003841/+subscriptions

More information about the Ubuntu-sponsors mailing list