Bug#506853: libgnutls26: 2.4.2-3 breaks OpenLDAP access

Simon Josefsson simon at josefsson.org
Wed Dec 10 11:52:59 UTC 2008 

Stefan Söffing <soeffing at gmx.de> writes:

> Thanks for your help, here is the output:

Thank you, I believe this is a problem with your CA certificate, it
contains a basic constraint as follows:

			Certificate Authority (CA): FALSE

You need to set the CA constraint to TRUE for CA certificates.

Complete output of CA certificates printed below.

/Simon

X.509 Certificate Information:
	Version: 3
	Serial Number (hex): 00
	Issuer: C=DE,ST=RLP,O=Technische Universitaet,OU=Fachbereich Physik,CN=CA
	Validity:
		Not Before: Thu Sep 11 10:47:44 UTC 2008
		Not After: Sun Sep 09 10:47:44 UTC 2018
	Subject: C=DE,ST=RLP,O=Technische Universitaet,OU=Fachbereich Physik,CN=CA
	Subject Public Key Algorithm: RSA
		Modulus (bits 1024):
			bb:e9:16:ea:b0:1e:49:f9:5b:d4:d4:a6:c1:0a:b9:08
			2f:79:60:63:c0:71:80:5b:d8:17:71:e2:1e:0c:6d:09
			da:aa:06:64:69:01:a0:c1:71:50:2e:11:bd:62:86:13
			fa:f3:5f:35:b1:84:35:50:f3:18:fb:3c:01:c1:75:4d
			49:5b:e3:78:16:da:d4:98:c6:99:a8:30:3e:72:57:38
			26:b2:ec:2c:39:a2:b6:3c:28:1e:d4:df:79:de:10:e1
			ab:97:3d:44:29:01:95:68:fb:2b:f7:dd:f0:18:3f:fb
			02:69:ed:b9:5b:b1:ad:15:69:ce:80:cf:e6:cd:0f:23
		Exponent:
			01:00:01
	Extensions:
		Basic Constraints (not critical):
			Certificate Authority (CA): FALSE
		Unknown extension 2.16.840.1.113730.1.13 (not critical):
			ASCII: ..OpenSSL Generated Certificate
			Hexdump: 161d4f70656e53534c2047656e657261746564204365727469666963617465
		Subject Key Identifier (not critical):
			fab0b04945332b9dd7f56e68b591b8a24c98febb
		Authority Key Identifier (not critical):
			fab0b04945332b9dd7f56e68b591b8a24c98febb
	Signature Algorithm: RSA-SHA
	Signature:
		51:3f:8b:9a:8b:22:0c:71:ae:2c:06:66:63:8d:28:6d
		a9:b4:79:ec:49:ce:7f:e0:fb:e9:83:cb:71:4c:87:75
		a6:30:12:92:b1:fc:05:b0:5b:10:e2:4e:cd:96:fd:52
		09:f4:d8:7a:1d:a1:a7:0f:c3:43:39:22:61:95:24:71
		02:38:98:14:78:84:6e:59:bf:9e:80:7d:84:0b:19:e2
		ed:37:85:4e:38:23:31:82:e7:ed:bf:3b:f4:93:38:90
		6b:64:16:f9:5c:d5:26:a5:75:82:94:42:45:3d:f4:25
		a6:bd:b3:8b:ba:8a:93:bd:0d:3e:4d:d3:71:78:09:c2
Other Information:
	MD5 fingerprint:
		6e7706021527b6b7a867b4bf60566483
	SHA-1 fingerprint:
		5c3a6e72781972580071abeefe730d1b85f6d167
	Public Key Id:
		2ec4b962b85e75d5b06af88d58fe5af3ac1de4ec

-----BEGIN CERTIFICATE-----
MIICvzCCAiigAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJERTEM
MAoGA1UECBMDUkxQMSAwHgYDVQQKExdUZWNobmlzY2hlIFVuaXZlcnNpdGFldDEb
MBkGA1UECxMSRmFjaGJlcmVpY2ggUGh5c2lrMQswCQYDVQQDEwJDQTAeFw0wODA5
MTExMDQ3NDRaFw0xODA5MDkxMDQ3NDRaMGcxCzAJBgNVBAYTAkRFMQwwCgYDVQQI
EwNSTFAxIDAeBgNVBAoTF1RlY2huaXNjaGUgVW5pdmVyc2l0YWV0MRswGQYDVQQL
ExJGYWNoYmVyZWljaCBQaHlzaWsxCzAJBgNVBAMTAkNBMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQC76RbqsB5J+VvU1KbBCrkIL3lgY8BxgFvYF3HiHgxtCdqq
BmRpAaDBcVAuEb1ihhP68181sYQ1UPMY+zwBwXVNSVvjeBba1JjGmagwPnJXOCay
7Cw5orY8KB7U33neEOGrlz1EKQGVaPsr993wGD/7AmntuVuxrRVpzoDP5s0PIwID
AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU+rCwSUUzK53X9W5otZG4okyY/rsw
HwYDVR0jBBgwFoAU+rCwSUUzK53X9W5otZG4okyY/rswDQYJKoZIhvcNAQEFBQAD
gYEAUT+LmosiDHGuLAZmY40obam0eexJzn/g++mDy3FMh3WmMBKSsfwFsFsQ4k7N
lv1SCfTYeh2hpw/DQzkiYZUkcQI4mBR4hG5Zv56AfYQLGeLtN4VOOCMxguftvzv0
kziQa2QW+VzVJqV1gpRCRT30Jaa9s4u6ipO9DT5N03F4CcI=
-----END CERTIFICATE-----

More information about the Pkg-gnutls-maint mailing list