[Pkg-freeradius-maintainers] Bug#1032590: Intermediate certficate support

[Bernhard Schmidt]

Am 11.03.23 um 14:51 schrieb Sakirnth Nagarasa:

Hi,

> On 3/10/23 08:55, Bernhard Schmidt wrote:
>> I will upload a 3.2.1-3 within the next hours to cherry-pick this, could
>> you please test the resulting binary and report back? I will then apply
>> for a freeze exception.
> 
> Thank you for uploading the new version. I quickly tested the new binary
> in our setup, Freeradius can not bind to ldap server anymore with
> version 3.2.1-3.

Meh :-(

> TLS: can't connect: (unknown error code).
> Sat Mar 11 14:28:38 2023 : Error: rlm_ldap (ldap): Bind with (anonymous)
> to ldaps://${LDAP_SERVER}:636 failed: Can't contact LDAP server
> Sat Mar 11 14:28:38 2023 : Debug: rlm_ldap: Closing libldap handle

TLS issue, sounds related to my cherry-picked patch.

Unfortunately there are a lot of patches between 3.2.1 and 3.2.2, and 
the commit message aren't always as descriptive as they could be.

https://github.com/FreeRADIUS/freeradius-server/compare/release_3_2_1...release_3_2_2

https://github.com/FreeRADIUS/freeradius-server/commit/d23987cbf55821dc56ab70d5ce6af3305cf83289
https://github.com/FreeRADIUS/freeradius-server/commit/3d08027f30c6d9c1eaccf7d60c68c8f7d78017c3

are likely candidates.

Just to make sure, could you quickly verify which of these versions are 
broken as well in your setup?

- 3.2.1-1 from testing
- 3.2.1-2 from http://snapshot.debian.org/package/freeradius/3.2.1%2Bdfsg-2/
- 3.2.2-1~exp1 from experimental (just uploaded, might take a few hours 
to appear in the archive)

Bernhard