It looks like very recent GnuTLS releases (>= 3.3.6) may have finally
added the API needed to make this possible:
https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
http://gnutls.org/manual/html_node/X509-certificate-API.html#index-
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: gnutls26 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
As mentioned earlier in this bug report, the TLS_CACERTDIR configuration
directive stopped working when the openldap packages were linked to the GnuTLS
library. (At least in the Lucid version, the ldap.conf man page specifically
mentions this issue:
TLS_CACERTDIR path
Hi I'm using the ubuntu 9.10 kernel 2.6.31-21-generic
with the
Package: libldap-2.4-2
State: installed
Automatically installed: no
Version: 2.4.18-0ubuntu1
Priority: important
Section: libs
Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com
Uncompressed Size: 500k
and the bug
FWIW: This same bad behavior is manifest on Jaunty w/OpenLDAP 2.4.15 and
libldap-2.4-2.
Abbreviated output of: gnutls-cli --x509cafile /usr/share/ca-certificates/my.crt -p 636 our.ldapserver.com
---
Processed 3 CA certificate(s).
Resolving 'our.ldapserver.com'...
Connecting to
It seems the latest release of OpenLDAP addresses these issues. Per the
changelog:
OpenLDAP 2.4 Change Log
OpenLDAP 2.4.16 Release (2009/04/05)
Fixed libldap GnuTLS with x509v1 CA certs (ITS#5992)
Fixed libldap GnuTLS with CA chains (ITS#5991)
Fixed libldap GnuTLS
** Attachment added: ldap.conf
http://launchpadlibrarian.net/26188570/ldap.conf
--
TLS_CACERTDIR not supported in gnutls
https://bugs.launchpad.net/bugs/242313
--
This is because the gnutls doesn't support CA certificates stored in a
directory (contrary to openssl). Opening a task for the gnutls package.
** Changed in: openldap (Ubuntu)
Importance: Undecided => Medium
Status: Confirmed => Triaged
** Also affects: gnutls26 (Ubuntu)
Importance:
Ack, I'm glad I'm not the only one to encounter this. I was pulling my
hair out thinking it was a problem with my configuration, but couldn't
figure out what it could be, since I don't have this problem in Dapper.
It just seems to be an issue in Hardy.
If it helps any, I encountered this problem
I can confirm the cacertdir not implemented for gnutls warning
message. The same setup that worked for me on Gutsy no longer works on
Hardy.
I had only added the following option to my /etc/ldap/ldap.conf file:
TLS_CACERTDIR /usr/share/ca-certificates/mozilla
However, while this ticket might
Please include the log file when this happens
Thanks
chuck
--
Can you try the version from hardy-updates?
Thanks
chuck
** Changed in: openldap2.3 (Ubuntu)
Status: New => Incomplete
--
libldap-2.4-2:
Installed: 2.4.9-0ubuntu0.8.04
Candidate: 2.4.9-0ubuntu0.8.04
Version table:
*** 2.4.9-0ubuntu0.8.04 0
500 http://be.archive.ubuntu.com hardy-updates/main Packages
100 /var/lib/dpkg/status
2.4.7-6ubuntu3 0
500 http://be.archive.ubuntu.com