
Re: TLS issues




On 8 Apr 2010, at 03:57, Daniel Gomes wrote:

> First of all, the specs: it's an OpenLDAP 2.4.19 compiled (manually, not
> via apt-get) on an Ubuntu 8.04 (Hardy)

Hmm. Ubuntu and Debian OpenLDAP packages use GNUTLS by default, and I've certainly had problems with cert name recognition - especially with subjectAltNames in certificates before. Hit it with the LDAP URI set to the name in the subjectName, and it works. Hit it with the subjectAltName DNS names, and it tends to barf.

I recompile the OpenLDAP debs from package source (better still - use the 2.4.21 package from Lucid), and change debian/configure.options from "--with-ssl=gnutls" to "--with-ssl=openssl"; also change the debian/control file dependencies from "libgnutls-dev (>= {version})" to "libssl-dev". Follow that with a dpkg-buildpackage -rfakeroot, and you should end up with OpenSSL linked packages.

Note: I'm not trying to get into yet another Debian/GNUTLS/OpenSSL licensing debate here, just saying what works for me.

Cheers,

Neil




NEIL DUNBAR
Systems Architect

(602) 850-5783 work
+44 7976 616583 mobile
+1 (602) 535-6914 US mobile
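
The packaging change described in the message above, as an added shell example that is not part of the original post or of the Debian packaging. The function names `switch_to_openssl` and `tls_backend` are hypothetical, and the slapd path in the usage comment assumes the standard Debian install location.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the post.

# Edit an unpacked OpenLDAP Debian source tree so the build links against
# OpenSSL. Fails if the GnuTLS settings are not found, so a tree that is
# already switched (or laid out differently) is not reported as a success.
switch_to_openssl() {
    src=$1
    opts="$src/debian/configure.options"
    ctrl="$src/debian/control"
    [ -f "$opts" ] && [ -f "$ctrl" ] || {
        echo "not an unpacked Debian source tree: $src" >&2; return 2; }
    grep -q -- '--with-ssl=gnutls' "$opts" || {
        echo "--with-ssl=gnutls not found in $opts" >&2; return 1; }
    grep -q 'libgnutls-dev' "$ctrl" || {
        echo "libgnutls-dev not found in $ctrl" >&2; return 1; }
    sed -i 's/--with-ssl=gnutls/--with-ssl=openssl/' "$opts"
    # Drop the build dependency together with its optional "(>= version)".
    sed -i -E 's/libgnutls-dev( *\([^)]*\))?/libssl-dev/' "$ctrl"
}

# Classify `ldd` output read on stdin by the TLS library it lists.
# "both" means another dependency still pulls in the second library.
tls_backend() {
    out=$(cat)
    case $out in
        *libgnutls.so*libssl.so*|*libssl.so*libgnutls.so*) echo both ;;
        *libgnutls.so*) echo gnutls ;;
        *libssl.so*) echo openssl ;;
        *) echo none ;;
    esac
}

# Typical use, with SRC set to the unpacked source directory:
#   switch_to_openssl "$SRC" && (cd "$SRC" && dpkg-buildpackage -rfakeroot)
# After installing the rebuilt packages (path assumed):
#   ldd /usr/sbin/slapd | tls_backend
```

Checking the installed binary with `ldd` confirms that the daemon actually running is the rebuilt one rather than a leftover GnuTLS-linked package.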