Your message dated Fri, 02 Jan 2015 12:40:16 +0000
with message-id <[email protected]>
and subject line Bug#767610: Removed package(s) from unstable
has caused the Debian Bug report #683095,
regarding ldap client breaks after upgrade to wheezy
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
683095: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683095
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgnutls26
Severity: important
Version: 2.12.20-1
I just upgraded a test server from squeeze to wheezy
The server had working LDAP authentication before the upgrade.
After the upgrade, LDAP authentication not working, no login possible.
Checking with ldapclient -d 3, I discovered this error:
TLS: peer cert untrusted or revoked (0x102)
TLS: can't connect: (unknown error code).
Adding `TLS_REQCERT allow' to /etc/ldap/ldap.conf makes a workaround and
ldapclient works
I suspect that GnuTLS is now more strict about something - however, this
is a very bad way to find out
Specifically, my server uses a 4096 bit RSA cert signed by CACert.org
The CACert.org class 3 root is 4096 with SHA256
The CACert.org class 1 root is 4096 md5WithRSAEncryption
My client machine has a copy of both roots locally, but I'm guessing it
is getting stuck on the MD5 issue
I tried setting TLS_CIPHER_SUITE but couldn't find any value that works
At the very least, gnutls should give more detail for those unable to
guess what might be broken. More importantly, it would be nice to have
it work because it has the class 3 (intermediate) root certificate
locally, in such situations, the md5 signature on the ultimate root is
not so important.
--- End Message ---
--- Begin Message ---
Version: 2.12.23-17+rm
Dear submitter,
as the package gnutls26 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/767610
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
