Just noting for posterity, as of GnuTLS 2.8.0 (released 2009-05-27) you can use %VERIFY_ALLOW_X509_V1_CA_CRT in the TLSCipherSuite options to enable V1 CA certs. I will probably #ifdef the current OpenLDAP patch to turn it off for GnuTLS >= 2.8.0. (Haven't decided on best course of action yet, given http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=541256 )
** Bug watch added: Debian Bug tracker #541256 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256 -- gnutls regression: failure in certificate chain validation https://bugs.launchpad.net/bugs/305264 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
