Your message dated Sat, 19 Mar 2011 16:09:17 +0100 with message-id <[email protected]> and subject line Re: Bug#616035: [libgnutls26] Breaks OpenLDAP with message: TLS: peer cert untrusted or revoked (0x402) has caused the Debian Bug report #616035, regarding [libgnutls26] Breaks OpenLDAP with message: TLS: peer cert untrusted or revoked (0x402) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 616035: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616035 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: libgnutls26 Version: 2.10.4-2 Severity: grave After the upgrade to version 2.10.4 pam authentication against OpenLDAP fails with the following error message: TLS: peer cert untrusted or revoked (0x402) TLS: can't connect: (unknown error code). Had to downgrade to 2.8.6 to be able to log in again. Thanks, Vedran --- System information. --- Architecture: amd64 Kernel: Linux 2.6.37-1-amd64 Debian Release: wheezy/sid --- Package information. --- Depends (Version) | Installed ============================-+-============= libc6 (>= 2.3) | 2.11.2-11 libgcrypt11 (>= 1.4.2) | 1.4.6-5 libtasn1-3 (>= 1.6-0) | 2.9-2 zlib1g (>= 1:1.1.4) | 1:1.2.3.4.dfsg-3 Package's Recommends field is empty. Suggests (Version) | Installed =========================-+-=========== gnutls-bin | -- http://vedranf.net | a8e7a7783ca0d460fee090cc584adc12<<attachment: vedran_furac.vcf>>
--- End Message ---
--- Begin Message ---On 2011-03-10 Vedran Furač <[email protected]> wrote: > On 10.03.2011 08:54, Nikos Mavrogiannopoulos wrote: > > On 03/10/2011 04:14 AM, Vedran Furač wrote: > >>>>>> - subject `blahblah', issuer `blahblah', RSA key 1024 bits, signed > >>>>>> using RSA-SHA, activated `2006-07-22 12:59:58 UTC', expires `2009-07-21 > >>>>>> 12:59:58 UTC', SHA-1 fingerprint > >>>>>> `ec5248b3194be9fda5639b59458962bc9bee32cc' > >>>>> Looks like one of certs had expired? > >>>> That could be the problem, but that would indicate a bug in the all > >>>> previous versions of gnutls. > >>> The expiration checking had to be explicitly done by the application using > >>> gnutls in the previous version. Implicit checking by gnutls was added in > >>> 2.8.x. > >> 2.8? But it works for me in 2.8.6, something is changed in 2.10.x. > > The change in 2.10 was that the intermediate and CA certificates are > > being checked for expiration as well. > OK, that would explain it. [...] > Anyway, you can close the report. [x] Done. cu andreas
--- End Message ---

