On Sat, Jul 20, 2019 at 4:46 PM Michael Ströder <mich...@stroeder.com> wrote:
> On 7/20/19 3:41 PM, Michael Ströder wrote: > > On 7/20/19 1:31 PM, Nikos Voutsinas wrote: > >> Ok that can be done, although I am pretty sure that it will work with > >> OpenSSL since you have already tested a similar setup on openSUSE. > >> > >> The idea here is to first confirm with others the problem and then early > >> identify the change set that triggers this before the announcement of > >> the release > >> > >> What worries me is that the exact config options and gnutls libs with > >> the 2.4.47 source works as expected, thus we can not blame GNUTLS for > >> that, despite any arguments one may have against GNUTLS. > > > > Let's not speculate about whatever might be the cause or not. > > > > Just start testing. Take care not to mess up builds and test results > > (like I did sometimes during the last days). > > BTW: Are your 2.4.47 and 2.4.48 builds are done exactly the same way? > OPENLDAP_REL_ENG_2_4_48 with OpenSSL-1.1.1c (on Debian / Buster) works OPENLDAP_REL_ENG_2_4_48 with GNUTLS-3.6.7 (on Debian / Buster) doesn't work(*) OPENLDAP_REL_END_2_4_48 also works on Solaris with openssl OPENLDAP 2.4.47 Debian's official package with GNUTLS-3.6.7 also works (*) I also tried to pass the trusted CAs via olcTLSCACertificateFile in cn=config after Ondřej's comment, with the same result. In any case the heads up on the devel list was mostly to identify a possible issue at the openldap side before the release. If it turns out to be a Debian specific issue, then I assume that the Debian's Openldap Maintainers will take of it. Nikos