Bug#616035: [libgnutls26] Breaks OpenLDAP with message: TLS: peer cert untrusted or revoked (0x402)

Vedran Furač vedran.furac at gmail.com
Mon Mar 7 23:04:57 UTC 2011


On 03.03.2011 09:57, Simon Josefsson wrote:

> Vedran Furač <vedran.furac at gmail.com> writes:
> 
>>   - subject `blahblah', issuer `blahblah', RSA key 1024 bits, signed
>> using RSA-SHA, activated `2006-07-22 12:59:58 UTC', expires `2009-07-21
>> 12:59:58 UTC', SHA-1 fingerprint `ec5248b3194be9fda5639b59458962bc9bee32cc'
> 
> Looks like one of the certs had expired?

That could be the problem, but that would indicate a bug in all
previous versions of gnutls. Also note that the same certificate works with
apache, postfix, dovecot, ... and their clients (firefox, thunderbird, ...).

> Please re-run with '-d 4711 -V' to
> get more information.  You removed the subject/issuer names so I cannot
> tell if that is the trusted root CA cert or an intermediate cert.  If it
> is an intermediate untrusted cert, the error is expected.

It's a self-signed certificate with more/less dummy data. I can't send it.

...
|<7>| RB: Requested 1923 bytes
|<4>| REC[0xc8cfd0]: Decrypted Packet[1] Handshake(22) with length: 1918
|<6>| BUF[HSK]: Inserted 1918 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[0xc8cfd0]: CERTIFICATE was received [1918 bytes]
|<6>| BUF[REC][HD]: Read 1914 bytes of Data(22)
|<6>| BUF[HSK]: Peeked 231 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 1914 bytes of Data
|<2>| ASSERT: mpi.c:606
|<2>| ASSERT: dn.c:1211
*** Verifying server certificate failed...
|<2>| ASSERT: gnutls_kx.c:736
|<2>| ASSERT: gnutls_handshake.c:2804
|<6>| BUF[HSK]: Cleared Data from buffer
*** Fatal error: Error in the certificate.
|<4>| REC: Sending Alert[2|42] - Certificate is bad
|<4>| REC[0xc8cfd0]: Sending Packet[1] Alert(21) with length: 2
|<7>| WRITE: Will write 7 bytes to 0x4.
|<7>| WRITE: wrote 7 bytes to 0x4. Left 0 bytes. Total 7 bytes.
|<7>| 0000 - 15 03 02 00 02 02 2a
|<4>| REC[0xc8cfd0]: Sent Packet[2] Alert(21) with length: 7
*** Handshake has failed
GnuTLS error: Error in the certificate.


Regards,
Vedran
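As an added example (not part of the original mail and not GnuTLS code), the following Python decodes the alert record bytes from the `|<7>| 0000 - 15 03 02 00 02 02 2a` line of the log and checks the `activated`/`expires` window quoted above against the date of the mail, which is assumed here to be the handshake time:

```python
from datetime import datetime, timezone

# Code points from RFC 5246, section 7.2 (record layer and Alert protocol).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 70: "protocol_version",
}

def decode_alert_record(raw: bytes) -> dict:
    """Parse one TLS record carrying an Alert message; rejects anything else."""
    if len(raw) < 5:
        raise ValueError("TLS record header is 5 bytes")
    ctype, major, minor = raw[0], raw[1], raw[2]
    length = int.from_bytes(raw[3:5], "big")
    body = raw[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    if ctype != 21 or length != 2:
        raise ValueError(f"not an alert record: type={ctype} length={length}")
    level, desc = body[0], body[1]
    # {3,1}..{3,3} are TLS 1.0..1.2; {3,0} is SSL 3.0.
    version = f"TLS 1.{minor - 1}" if (major, minor) >= (3, 1) else f"SSL {major}.{minor}"
    return {
        "content_type": CONTENT_TYPES.get(ctype, str(ctype)),
        "version": version,
        "level": ALERT_LEVELS.get(level, str(level)),
        "description": ALERT_DESCRIPTIONS.get(desc, str(desc)),
    }

def cert_validity_status(activated: str, expires: str, at: datetime) -> str:
    """Compare a point in time with the 'activated'/'expires' window gnutls-cli prints."""
    fmt = "%Y-%m-%d %H:%M:%S UTC"
    not_before = datetime.strptime(activated, fmt).replace(tzinfo=timezone.utc)
    not_after = datetime.strptime(expires, fmt).replace(tzinfo=timezone.utc)
    if at < not_before:
        return "not_yet_valid"
    if at > not_after:
        return "expired"
    return "valid"

# Bytes copied from the "|<7>| 0000 - 15 03 02 00 02 02 2a" log line above.
GNUTLS_ALERT = bytes.fromhex("1503020002022a")
# Assumption: the handshake happened around the time the mail was sent.
MAIL_DATE = datetime(2011, 3, 7, 23, 4, 57, tzinfo=timezone.utc)
```

The alert on the wire is the generic fatal `bad_certificate` (42), not `certificate_expired` (45), so the peer's alert alone does not say why verification failed; the `expires` line in the `-d 4711` output does.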