Bug#616035: [libgnutls26] Breaks OpenLDAP with message: TLS: peer cert untrusted or revoked (0x402)

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Wed Mar 9 09:21:01 UTC 2011


2011/3/8 Vedran Furač <vedran.furac at gmail.com>:

>>>   - subject `blahblah', issuer `blahblah', RSA key 1024 bits, signed
>>> using RSA-SHA, activated `2006-07-22 12:59:58 UTC', expires `2009-07-21
>>> 12:59:58 UTC', SHA-1 fingerprint `ec5248b3194be9fda5639b59458962bc9bee32cc'
>> Looks like one of certs had expired?
>
> That could be the problem, but that would indicate a bug in all the
> previous versions of gnutls.

The expiration checking had to be explicitly done by the application using
gnutls in the previous version. Implicit checking by gnutls was added in 2.8.x.

> Also note that same certificate works with
> apache, postfix, dovecot,... and their clients (firefox, thunderbird,...).

I don't understand your point. Is the certificate expired or not?

regards,
Nikos
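
An added example, not part of the message above and not gnutls code: a Python script that parses certificate lines in the format quoted in this thread and reports whether each certificate is inside its validity window at a chosen time, here the date of this message. The function names and the second sample entry are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Field layout as printed in the certificate line quoted in this thread.
FIELD = re.compile(r"(activated|expires) `(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC'")
SUBJECT = re.compile(r"subject `([^']*)'")

def parse_certs(text):
    """Return one dict per certificate entry found in the pasted output."""
    # Drop mail quote markers, then undo line wrapping: a wrap can fall
    # between the date and the time of a timestamp, as it does in the thread.
    unquoted = re.sub(r"^[> ]+", "", text, flags=re.M)
    flat = " ".join(unquoted.split())
    certs = []
    for entry in re.split(r"(?=- subject `)", flat):
        subject = SUBJECT.search(entry)
        if not subject:
            continue
        cert = {"subject": subject.group(1)}
        for name, stamp in FIELD.findall(entry):
            parsed = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            cert[name] = parsed.replace(tzinfo=timezone.utc)
        certs.append(cert)
    return certs

def validity_status(cert, at):
    """Classify a parsed certificate against the reference time `at`."""
    if "activated" not in cert or "expires" not in cert:
        return "unknown"
    if at < cert["activated"]:
        return "not yet active"
    if at > cert["expires"]:
        return "expired"
    return "valid"

def report(text, at):
    return [(c["subject"], validity_status(c, at)) for c in parse_certs(text)]

# First entry: copied from the thread, fingerprint field left out.
# Second entry: constructed sample data.
SAMPLE = """\
>>>   - subject `blahblah', issuer `blahblah', RSA key 1024 bits, signed
>>> using RSA-SHA, activated `2006-07-22 12:59:58 UTC', expires `2009-07-21
>>> 12:59:58 UTC'
- subject `constructed-ca', issuer `constructed-ca', activated `2010-01-01 00:00:00 UTC', expires `2020-01-01 00:00:00 UTC'
"""
MESSAGE_DATE = datetime(2011, 3, 9, 9, 21, 1, tzinfo=timezone.utc)  # date of this mail

if __name__ == "__main__":
    for subject, status in report(SAMPLE, MESSAGE_DATE):
        print(f"{subject}: {status}")
```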




