
Re: Cant make my ldap work with ssl...



* Uwe Jans (jans@hs-bremen.de) wrote:
> >        additional info: A TLS packet with unexpected length was received.
> 
> I have the same problem. But my configuration worked on Debian-testing
> and an upgrade to Debian-unstable shows the same error message.
> 
> I think it's possibly the libgnutls.so.10 lib!
[...]
> Is there anybody with a working Debian Unstable SLAPD Version 
> slapd_2.1.26-1?

There were some problems with the move from gnutls7 to gnutls10.  We're
aware of them and are working on them.  The current status is that
there's a patch in the BTS which fixes the problem (for one person
anyway) but regenerates the dsa parameters for every connection (which
takes a *long* time).  We're working on a way to cache them for a period
and then regenerate them.

For those who are following the bigger GNU TLS question- I've spoken
with the author of the GNU TLS patch for OpenLDAP and he's told me that
he's willing to put it under a license compatible w/ what the OpenLDAP
people want but wants to get it cleaned up and some of these problems
fixed first.

A big issue still looming, if anyone happens to have time to look into
it, is getting SASL external TLS authentication to work w/ GNU TLS.
There's concern that there may be a lot of work required to do this
writing ASN1 handling code.  If anyone has any thoughts on it or
interest in tackling this problem please contact me.

	Thanks,

		Stephen
