Bug#810814: libgnutls26: Encrypted LDAP connection doesn't work after libgnutls26 update

Frederic Van Espen frederic.van.espen at escaux.com
Wed Jan 20 09:59:42 UTC 2016


Hi,

On Thu, 14 Jan 2016 23:49:54 +0100 Christoph Schindler <hop at 30hopsmax.at>
wrote:
> The problem seems to have to do with a self-signed root certificate that
> uses MD5 (as the root cert from cacert.org does) for its signature.

Started getting this same issue yesterday after upgrading gnutls on wheezy.

We're using our own self-signed root certificate here but it does not
appear to be MD5 though. The root certificate is:
    Signature Algorithm: sha512WithRSAEncryption

The certificate used by the LDAP server, signed by the root certificate:
    Signature Algorithm: sha1WithRSAEncryption

We're connecting to LDAP from postfix. Here's the postmap debugging output:
postmap: dict_ldap_debug: TLS: can't connect: The signature algorithm is not supported..
postmap: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error

Cheers,

Frederic