[Pkg-openssl-devel] Bug#1027830: [ITB] Re: Bug#1027830: openssl: starttls fails on our LDAP server on bullseye, but it works on buster
Jonathan Rietveld
jonathan_rietveld at hotmail.com
Wed Jan 4 13:50:53 GMT 2023
Dear Sebastian,
Thanks for your quick reply!
Adding "-d -1", the output informs that "TLS: peer cert is untrusted or revoked (0x42)", even though the certificate is not self-signed and hasn't expired.
We've since found out that installing libldap-common resolves our issue, as others (https://github.com/wheelybird/ldap-user-manager/issues/172 and https://github.com/docker-mailserver/docker-mailserver/issues/2340) found out. This package is installed by default on buster (even before installing any ldap-related packages), but not on bullseye.
Perhaps it might make sense to add libldap-common as a dependency for other packages like libnss-ldap, pam_ldap or ldap-utils on bullseye?
Either way, our issue is resolved, and I'll leave that decision to you.
Kind regards,
Jonathan
-----Original Message-----
From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
Sent: 04 January 2023 10:55
To: Jonathan <itb at sintjansbrug.nl>; 1027830 at bugs.debian.org
Subject: [ITB] Re: Bug#1027830: openssl: starttls fails on our LDAP server on bullseye, but it works on buster
On 2023-01-03 20:21:57 [+0000], Jonathan wrote:
> Package: openssl
> * What led up to the situation?
>
> After trying to update to bullseye, connecting to our LDAP server no longer works, both with pam_ldap package as well as using ldapsearch from ldap-utils.
What happens with if you add "-d -1" to ldapsearch?
Sebastian
More information about the Pkg-openssl-devel
mailing list