On 09.03.2012 00:31, Simon Josefsson wrote: > Timo Aaltonen <tjaal...@ubuntu.com> writes: > >> On 08.03.2012 20:06, Timo Aaltonen wrote: >>> which doesn't say much. I couldn't test 2.11.7 since snapshot.d.o >>> doesn't have packages for amd64 (FTBFS?), and bisecting without >>> packages is rather hard I guess... Can't test 3.0.x either, since >>> openldap doesn't build against libgnutls28. >> >> Ok I was able to build 2.11.7 after all (disabled tests), and I can >> confirm that it's a working version as well, so this broke some time >> between that and 2.12.0.. trying to bisect more. > > Thanks. What do you know about the server you are testing against?
It's 389 Directory Server on Fedora. > Many LDAP servers seems to have non-standards conforming SSL support. > There is one change between 2.11.7 and 2.12.0 ("Corrected default > behavior in record version of Client Hellos.") that I suspect. Try > adding the "SSL3_RECORD_VERSION" or "LATEST_RECORD_VERSION" priority > string to your client and see if it makes a difference. If this makes a > difference, the problem is with the server. Spot on, that commit changed it. What exactly is broken on the server? Upstream would like to know :) -- t -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org