Bug#506853: libgnutls26: 2.4.2-3 breaks OpenLDAP access

Stefan Söffing soeffing at physik.uni-kl.de
Tue Nov 25 11:44:01 UTC 2008


Hi,

it says:

----------------------------
Resolving 'thea.physik.uni-kl.de'...
Connecting to '131.246.123.113:636'...
- Certificate type: X.509
 - Got a certificate list of 2 certificates.

 - Certificate[0] info:

-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

 # The hostname in the certificate matches 'thea.physik.uni-kl.de'.
 # valid since: Thu Sep 11 12:52:07 CEST 2008
 # expires at: Sun Sep  9 12:52:07 CEST 2018
 # fingerprint: 20:8B:D5:F0:F6:08:AC:34:9D:13:5B:89:98:5B:D1:63
 # Subject's DN: C=DE,ST=RLP,L=Kaiserslautern,O=Technische Universitaet,OU=Fachbereich Physik,CN=thea.physik.uni-kl.de
 # Issuer's DN: C=DE,ST=RLP,O=Technische Universitaet,OU=Fachbereich Physik,CN=CA

 - Certificate[1] info:

-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

 # valid since: Thu Sep 11 12:47:44 CEST 2008
 # expires at: Sun Sep  9 12:47:44 CEST 2018
 # fingerprint: 6E:77:06:02:15:27:B6:B7:A8:67:B4:BF:60:56:64:83
 # Subject's DN: C=DE,ST=RLP,O=Technische Universitaet,OU=Fachbereich Physik,CN=CA
 # Issuer's DN: C=DE,ST=RLP,O=Technische Universitaet,OU=Fachbereich Physik,CN=CA


- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:
...

----------------------------

after adding an --x509cafile option with the self-signed CA certificate 
the last few lines become:

----------------------------
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
----------------------------

With the old package 2.2.2-1 I got:

----------------------------
- Peer's certificate is trusted
----------------------------


Thanks!





