Your message dated Sat, 17 May 2008 16:47:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#400448: fixed in gnutls26 2.3.9-1
has caused the Debian Bug report #400448,
regarding libnss-ldap: Certificate verification using "tls_cacertdir" causes
long delay
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
400448: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400448
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libnss-ldap
Version: 238-1
Severity: grave
Justification: renders package unusable
Hi!
When I configure CA directory with "tls_cacertdir" configuration option
in /etc/libnss.conf file NSS querying (for example "finger mitar") takes
very long (about 20 seconds per query). With only CA file in both
/etc/libnss.conf and /etc/ldap/ldap.conf it is normally fast.
Other LDAP programs (ldapsearch) verify CA directory without delay. I
noticed this delay only with libnss-ldap (and libpam-ldap but I have not
worked on that yet so I am not sure that it is the same cause).
I have only default Debian CA certificates (ca-certificates) and one
local self-signed for LDAP server.
I checked also with current unstable package (251-7) and it is the same.
Mitar
Relevant options in /etc/nsswitch.conf:
passwd: files ldap
group: files
shadow: files
All options in /etc/libnss.conf:
host 127.0.0.1:636
base dc=druga,dc=org
uri ldaps://127.0.0.1:636/
ldap_version 3
port 636
bind_policy hard
pam_login_attribute uid
pam_password exop
nss_base_passwd ou=People,dc=druga,dc=org
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
tls_cacertdir /etc/ssl/certs
tls_ciphers HIGH:!SSLv2
All options in /etc/ldap/ldap.conf:
BASE dc=druga,dc=org
URI ldaps://127.0.0.1:636/
HOST 127.0.0.1:636
PORT 636
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_CACERTDIR /etc/ssl/certs
TLS_REQCERT demand
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.17-usura
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages libnss-ldap depends on:
ii debconf 1.4.30.13 Debian configuration management sy
ii libc6 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii libkrb53 1.3.6-2sarge3 MIT Kerberos runtime libraries
ii libldap2 2.1.30-8 OpenLDAP libraries
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: gnutls26
Source-Version: 2.3.9-1
We believe that the bug you reported is fixed in the latest version of
gnutls26, which is due to be installed in the Debian FTP archive:
gnutls-bin_2.3.9-1_i386.deb
to pool/main/g/gnutls26/gnutls-bin_2.3.9-1_i386.deb
gnutls-doc_2.3.9-1_all.deb
to pool/main/g/gnutls26/gnutls-doc_2.3.9-1_all.deb
gnutls26_2.3.9-1.diff.gz
to pool/main/g/gnutls26/gnutls26_2.3.9-1.diff.gz
gnutls26_2.3.9-1.dsc
to pool/main/g/gnutls26/gnutls26_2.3.9-1.dsc
gnutls26_2.3.9.orig.tar.gz
to pool/main/g/gnutls26/gnutls26_2.3.9.orig.tar.gz
guile-gnutls_2.3.9-1_i386.deb
to pool/main/g/gnutls26/guile-gnutls_2.3.9-1_i386.deb
libgnutls-dev_2.3.9-1_i386.deb
to pool/main/g/gnutls26/libgnutls-dev_2.3.9-1_i386.deb
libgnutls26-dbg_2.3.9-1_i386.deb
to pool/main/g/gnutls26/libgnutls26-dbg_2.3.9-1_i386.deb
libgnutls26_2.3.9-1_i386.deb
to pool/main/g/gnutls26/libgnutls26_2.3.9-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[EMAIL PROTECTED]> (supplier of updated gnutls26 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 17 May 2008 16:56:04 +0200
Source: gnutls26
Binary: libgnutls-dev libgnutls26 libgnutls26-dbg gnutls-bin gnutls-doc
guile-gnutls
Architecture: source all i386
Version: 2.3.9-1
Distribution: experimental
Urgency: low
Maintainer: Debian GnuTLS Maintainers <[EMAIL PROTECTED]>
Changed-By: Andreas Metzler <[EMAIL PROTECTED]>
Description:
gnutls-bin - the GNU TLS library - commandline utilities
gnutls-doc - the GNU TLS library - documentation and examples
guile-gnutls - the GNU TLS library - GNU Guile bindings
libgnutls-dev - the GNU TLS library - development files
libgnutls26 - the GNU TLS library - runtime library
libgnutls26-dbg - GNU TLS library - debugger symbols
Closes: 364287 400448
Changes:
gnutls26 (2.3.9-1) experimental; urgency=low
.
* New upstream development version.
- OpenPGP support merged into libgnutls and is now licensed under LGPL.
The included copy of OpenCDK has been stripped down and re-licensed
under the LGPL. Using the external OpenCDK is not supported anymore, the
external library will not be maintained anymore. Drop respective
(build-)depends.
- API extended, bump shlibs.
- certtool asks for password confirmation. Closes: #364287
- performance enhancements for gnutls_certificate_set_x509_trust_file.
Closes: #400448
* For paranoia sake build with -D_REENTRANT even if upstream has stopped
doing so.
* [debian/copyright] : update, and stop including a GFDL copy.
* Point watchfile to development versions.
Checksums-Sha1:
d5aba7373b053125aac5efa8d8a8792fca2d634b 1537 gnutls26_2.3.9-1.dsc
a2319ed5b87827b3012c59180afda47a21248ce0 6001373 gnutls26_2.3.9.orig.tar.gz
aa0bb332e5abcacbf43c7bccef3a9fa1336092bf 13874 gnutls26_2.3.9-1.diff.gz
edc98ce156b94b48e2fc90276009e0c5081418fc 2727392 gnutls-doc_2.3.9-1_all.deb
b28f6b65dd38da8310d4f05f80251a4f528a32d7 520016 libgnutls-dev_2.3.9-1_i386.deb
b69eabaee8fa3bf3b774c8c35e68e325b0072acc 442968 libgnutls26_2.3.9-1_i386.deb
d4f2b0fe50cf27aca420f399d47d8ee0d08d4363 1076596
libgnutls26-dbg_2.3.9-1_i386.deb
d6619c3b0c83b558805c4e90c2d53a62fe05c6a7 255352 gnutls-bin_2.3.9-1_i386.deb
d91666ae902397f77dc7879f9985fba1d02a6587 200930 guile-gnutls_2.3.9-1_i386.deb
Checksums-Sha256:
2c791a0ed8820511993c137ca544bff3f2844d8d03e77a79e1548975039edba6 1537
gnutls26_2.3.9-1.dsc
0538f77dd1f320d70910be34684eb32719015b5bbe0d939d46a9c46c35e106c5 6001373
gnutls26_2.3.9.orig.tar.gz
7d6c3093a2e684b393339fedb669cbc9bb2391e37b0a2b5ea9c33557446fca58 13874
gnutls26_2.3.9-1.diff.gz
bcc3494ac261cc9dcf1c9333e4f6bcfe02675e7303aa81124df187de881ae8f5 2727392
gnutls-doc_2.3.9-1_all.deb
d437f9c0611699999cbe0d3d5e948d8936bcb2e782e5a566708e00e1a341848c 520016
libgnutls-dev_2.3.9-1_i386.deb
dcc9f0cddb82158db20f62aeecc3f06f0c4d2ee160a8437b26dc83747018291e 442968
libgnutls26_2.3.9-1_i386.deb
3a3401a3bada74930385990445ba1bbcbb29a2874ccb8069901ae497b2568ecb 1076596
libgnutls26-dbg_2.3.9-1_i386.deb
93dbf3988b857a78023f482dc2339d0a30b1d88a413013526f64d89a6ca5603f 255352
gnutls-bin_2.3.9-1_i386.deb
a0d2436ebe5f1fc503cc4590cf66a60b6a21d6525594d56cb5cdc380c19ab5ad 200930
guile-gnutls_2.3.9-1_i386.deb
Files:
7d42a3170e63104be9456487bff48f87 1537 devel optional gnutls26_2.3.9-1.dsc
2b6fa1bb5aaafd19f74c494e7cc01d3e 6001373 devel optional
gnutls26_2.3.9.orig.tar.gz
5fbb694c6c43c22c1c1c46359cb5b30e 13874 devel optional gnutls26_2.3.9-1.diff.gz
5b34d84650e89a8bf2558acb9fc04bc3 2727392 doc optional
gnutls-doc_2.3.9-1_all.deb
c1c5b0ff36e9bbbff4611cfb43cf37cb 520016 libdevel optional
libgnutls-dev_2.3.9-1_i386.deb
3c3be7751318210336db57e49df37afa 442968 libs important
libgnutls26_2.3.9-1_i386.deb
def3abc94955b5e5c2d30a392f0c0e89 1076596 devel extra
libgnutls26-dbg_2.3.9-1_i386.deb
886177c94eca1b44b02f9e3d7b6a2ff0 255352 net optional
gnutls-bin_2.3.9-1_i386.deb
ddeb72ce01cf8c262bb0e650ffe19b6b 200930 libs optional
guile-gnutls_2.3.9-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFILwlJHTOcZYuNdmMRAs9mAJ9VDZyTza4iAPOomFwA5dMqWZF59ACfTYre
rI3D/7EYW5hoqBUVP5xhTkg=
=F/Ud
-----END PGP SIGNATURE-----
--- End Message ---
