Bug#616035: [libgnutls26] Breaks OpenLDAP with message: TLS: peer cert untrusted or revoked (0x402)

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Thu Mar 10 07:54:38 UTC 2011

On 03/10/2011 04:14 AM, Vedran Furač wrote:

>>>>>   - subject `blahblah', issuer `blahblah', RSA key 1024 bits, signed
>>>>> using RSA-SHA, activated `2006-07-22 12:59:58 UTC', expires `2009-07-21
>>>>> 12:59:58 UTC', SHA-1 fingerprint `ec5248b3194be9fda5639b59458962bc9bee32cc'
>>>> Looks like one of certs had expired?
>>> That could be the problem, but that would indicate a bug in the all
>>> previous versions of gnutls.
>> The expiration checking had to be explicitly done by the application using
>> gnutls in the previous version. Implicit checking by gnutls was added in 2.8.x.
> 2.8? But it works for me in 2.8.6, something is changed in 2.10.x.

The change in 2.10 was that the intermediate and CA certificates are
being checked for expiration as well.

>> I don't understand your point. Is the certificate expired or not?
> Sure, it's expired, but gnutls fails to detect that and is blabbing about:
> TLS: peer cert untrusted or revoked (0x402)
> TLS: can't connect: (unknown error code).
> or
> GnuTLS error: Error in the certificate.

gnutls is a library it doesn't print anything. This is an application issue.


More information about the Pkg-gnutls-maint mailing list