Recently updated gnutls then found you can’t connect to LDAP?

If you recently installed this update:

gnutls26 (2.4.2-6+lenny2) stable-security; urgency=high
  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2009-2730: a vulnerability related to NUL bytes in
    X.509 certificate name fields. (Closes: #541439)
    GNUTLS-SA-2009-4

 -- Giuseppe Iuculano <iuculano@debian.org> Sun, 01 Nov 2009 21:29:06 +0100

and then found that your applications began failing to connect to your LDAP server, check that your SSL certificate actually validates from the client. Along with this update it seems that the default behaviour changed to being stricter about certificate verification. In my case I was using self-signed SSL certificates without the CA being available.

If you don’t want the verification, you can disable it by adding:

TLS_REQCERT     never

in /etc/ldap/ldap.conf on each client machine.

One thought on “Recently updated gnutls then found you can’t connect to LDAP?”

  1. It might be something else – we had this (twice) and it was because we had made certs, not server certs. I normally used easy-rsa to make my certificates, and there you need build-key-server, not build-key. We found that this bit us moving from etch to lenny.
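Both failure modes on this page (the post's self-signed certificate whose CA the clients do not have, and the comment's certificate issued as a client cert rather than a server cert) can be reproduced offline before touching ldap.conf. The script below is an added example, not from the original post or the comment; it assumes only that `openssl` 1.1.1 or newer is on PATH, and every CA, hostname and certificate in it is constructed in a scratch directory for the demonstration. `openssl verify -purpose sslserver` applies the same two checks a strict TLS client applies to an LDAP server: does the certificate chain to a CA I trust, and is it usable as a server certificate at all.

```shell
#!/bin/sh
# Added example (not from the original post or comment): reproduce the two ways a
# self-signed LDAP server certificate fails a strict TLS client, using openssl in
# a scratch directory. Assumes openssl 1.1.1+; all names/certs are constructed.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal openssl config so the demo does not depend on the system openssl.cnf.
cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = ca_ext
prompt             = no
[dn]
CN = Example Test CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
EOF

# make_ca: a private CA (the role easy-rsa's build-ca plays).
make_ca() {
  openssl req -x509 -config "$WORK/openssl.cnf" -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
}

# issue_cert NAME EKU: sign a leaf certificate for the (constructed) LDAP host
# with the given extendedKeyUsage. clientAuth is what a client-style cert
# (easy-rsa build-key) carries; serverAuth is what a server cert
# (easy-rsa build-key-server) carries.
issue_cert() {
  name=$1; eku=$2
  openssl req -new -config "$WORK/openssl.cnf" -subj "/CN=ldap.example.test" \
    -newkey rsa:2048 -nodes -keyout "$WORK/$name.key" -out "$WORK/$name.csr" \
    >/dev/null 2>&1
  printf 'extendedKeyUsage = %s\n' "$eku" > "$WORK/$name.ext"
  openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -extfile "$WORK/$name.ext" -out "$WORK/$name.crt" \
    >/dev/null 2>&1
}

# verify_server CERT [CAFILE]: exit 0 if CERT chains to CAFILE and is acceptable
# as a TLS *server* certificate, non-zero otherwise. With no CAFILE the default
# trust store is switched off as well, which is the position of a client whose
# ldap.conf has no TLS_CACERT line for this CA.
verify_server() {
  cert=$1; cafile=$2
  if [ -n "$cafile" ]; then
    openssl verify -purpose sslserver -CAfile "$cafile" "$cert" >/dev/null 2>&1
  else
    openssl verify -purpose sslserver -no-CAfile -no-CApath "$cert" >/dev/null 2>&1
  fi
}

# run_demo: exit 0 only if all three expectations hold.
run_demo() {
  make_ca
  issue_cert server serverAuth
  issue_cert client clientAuth

  # 1. Proper server cert, but the client has no copy of the CA: rejected
  #    (the post's situation: self-signed certs, CA not available).
  if verify_server "$WORK/server.crt"; then return 1; fi
  # 2. Same cert once the CA is distributed to the client: accepted.
  verify_server "$WORK/server.crt" "$WORK/ca.crt" || return 1
  # 3. A client-style cert, even with the CA present: rejected
  #    (the comment's situation: build-key instead of build-key-server).
  if verify_server "$WORK/client.crt" "$WORK/ca.crt"; then return 1; fi
  return 0
}

run_demo && echo "all three checks behaved as expected"
```

Case 2 is the fix that keeps verification on: copy the CA certificate to each client and point /etc/ldap/ldap.conf at it with a `TLS_CACERT /path/to/ca.crt` line, leaving `TLS_REQCERT` at its default of `demand`. Case 3 shows why the comment's easy-rsa mistake is invisible to a loose client and fatal to a strict one: the certificate chains correctly, so only the purpose check catches it.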
