
Re: GnuTLS / OpenSSL certificates compatibility



Daniel Savard wrote:
On Thursday, 9 February 2012 at 23:21 +0100, rey sebastien wrote:
Hi,

One or two questions about certificate compatibility.
I have a self-signed certificate generated by OpenSSL, and the official
package of openldap in Ubuntu is compiled with the gnutls library. Do you
think this configuration could create errors?

If this is the case, and if I want to maintain the easy deb package
upgrade system, do you know a repository with deb version of openldap
compiled with openssl library ?

Thanks for advice,
SR


I've just fixed my problem by recompiling openldap without GnuTLS support.
You are trying to do the exact thing I did. It won't work.

I don't know about Debian and deb packages, I am running another distro.
But you need an OpenLDAP not linked to GnuTLS.

In general, if a software package is creating certificates that comply with the X.509 specs, then it should make no difference what library you use. In practice, GnuTLS and OpenSSL don't support the same set of ciphers and hashes, so the digital signatures used to create a certificate may not be compatible from one to the other. Since OpenSSL has been the de facto standard for internet apps since the early 1990s, yes, it's generally a safe bet to just stick with it.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/